use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRange in project netvirt by opendaylight.
the class AclMatches method invertMatches.
public static Matches invertMatches(Matches matches) {
LOG.trace("Invert matches: {}", matches);
MatchesBuilder matchesBuilder = new MatchesBuilder(matches);
if (matches.getAceType() instanceof AceIp) {
AceIp aceIp = (AceIp) matches.getAceType();
AceIpBuilder aceIpBuilder = new AceIpBuilder(aceIp);
aceIpBuilder.setDestinationPortRange(null);
aceIpBuilder.setSourcePortRange(null);
SourcePortRange sourcePortRange = aceIp.getSourcePortRange();
DestinationPortRange destinationPortRange = aceIp.getDestinationPortRange();
if (sourcePortRange != null) {
DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();
destinationPortRangeBuilder.setLowerPort(sourcePortRange.getLowerPort());
destinationPortRangeBuilder.setUpperPort(sourcePortRange.getUpperPort());
aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
}
if (destinationPortRange != null) {
SourcePortRangeBuilder sourcePortRangeBuilder = new SourcePortRangeBuilder();
sourcePortRangeBuilder.setLowerPort(destinationPortRange.getLowerPort());
sourcePortRangeBuilder.setUpperPort(destinationPortRange.getUpperPort());
aceIpBuilder.setSourcePortRange(sourcePortRangeBuilder.build());
}
if (aceIp.getAceIpVersion() instanceof AceIpv4) {
AceIpv4 aceIpv4 = (AceIpv4) aceIp.getAceIpVersion();
Ipv4Prefix destinationIpv4Network = aceIpv4.getDestinationIpv4Network();
Ipv4Prefix sourceIpv4Network = aceIpv4.getSourceIpv4Network();
AceIpv4Builder aceIpv4Builder = new AceIpv4Builder(aceIpv4);
aceIpv4Builder.setDestinationIpv4Network(sourceIpv4Network);
aceIpv4Builder.setSourceIpv4Network(destinationIpv4Network);
aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());
} else if (aceIp.getAceIpVersion() instanceof AceIpv6) {
AceIpv6 aceIpv6 = (AceIpv6) aceIp.getAceIpVersion();
Ipv6Prefix destinationIpv6Network = aceIpv6.getDestinationIpv6Network();
Ipv6Prefix sourceIpv6Network = aceIpv6.getSourceIpv6Network();
AceIpv6Builder aceIpv6Builder = new AceIpv6Builder(aceIpv6);
aceIpv6Builder.setDestinationIpv6Network(sourceIpv6Network);
aceIpv6Builder.setSourceIpv6Network(destinationIpv6Network);
aceIpBuilder.setAceIpVersion(aceIpv6Builder.build());
}
matchesBuilder.setAceType(aceIpBuilder.build());
} else if (matches.getAceType() instanceof AceEth) {
AceEth aceEth = (AceEth) matches.getAceType();
MacAddress destinationMacAddress = aceEth.getDestinationMacAddress();
MacAddress destinationMacAddressMask = aceEth.getDestinationMacAddressMask();
MacAddress sourceMacAddress = aceEth.getSourceMacAddress();
MacAddress sourceMacAddressMask = aceEth.getSourceMacAddressMask();
AceEthBuilder aceEthBuilder = new AceEthBuilder(aceEth);
aceEthBuilder.setDestinationMacAddress(sourceMacAddress);
aceEthBuilder.setDestinationMacAddressMask(sourceMacAddressMask);
aceEthBuilder.setSourceMacAddress(destinationMacAddress);
aceEthBuilder.setSourceMacAddressMask(destinationMacAddressMask);
matchesBuilder.setAceType(aceEthBuilder.build());
}
Matches invertedMatches = matchesBuilder.build();
LOG.trace("Inverted matches: {}", invertedMatches);
return invertedMatches;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRange in project netvirt by opendaylight.
the class AclMatchesTest method invertIpv6MatchTest.
@Test
public void invertIpv6MatchTest() {
AceIpBuilder aceIpBuilder = new AceIpBuilder();
aceIpBuilder.setProtocol(IPProtocols.TCP.shortValue());
aceIpBuilder.setDscp(new Dscp(DSCP_VALUE));
SourcePortRangeBuilder srcPortRange = new SourcePortRangeBuilder();
srcPortRange.setLowerPort(new PortNumber(TCP_SRC_LOWER_PORT));
srcPortRange.setUpperPort(new PortNumber(TCP_SRC_UPPER_PORT));
SourcePortRange sourcePortRange = srcPortRange.build();
aceIpBuilder.setSourcePortRange(sourcePortRange);
DestinationPortRangeBuilder dstPortRange = new DestinationPortRangeBuilder();
dstPortRange.setLowerPort(new PortNumber(TCP_DST_LOWER_PORT));
dstPortRange.setUpperPort(new PortNumber(TCP_DST_UPPER_PORT));
DestinationPortRange destinationPortRange = dstPortRange.build();
aceIpBuilder.setDestinationPortRange(destinationPortRange);
AceIpv6Builder aceIpv6Builder = new AceIpv6Builder();
aceIpv6Builder.setDestinationIpv6Network(new Ipv6Prefix(IPV6_DST_STR));
aceIpv6Builder.setSourceIpv6Network(new Ipv6Prefix(IPV6_SRC_STR));
AceIpv6 aceIpv6 = aceIpv6Builder.build();
aceIpBuilder.setAceIpVersion(aceIpv6);
MatchesBuilder matchesBuilder = new MatchesBuilder();
AceIp aceIp = aceIpBuilder.build();
matchesBuilder.setAceType(aceIp);
Matches matches = matchesBuilder.build();
Matches invertedMatches = AclMatches.invertMatches(matches);
assertNotEquals(matches, invertedMatches);
AceIp invertedAceIp = (AceIp) invertedMatches.getAceType();
assertEquals(invertedAceIp.getDscp(), aceIp.getDscp());
assertEquals(invertedAceIp.getProtocol(), aceIp.getProtocol());
DestinationPortRange invertedDestinationPortRange = invertedAceIp.getDestinationPortRange();
assertEquals(invertedDestinationPortRange.getLowerPort(), sourcePortRange.getLowerPort());
assertEquals(invertedDestinationPortRange.getUpperPort(), sourcePortRange.getUpperPort());
SourcePortRange invertedSourcePortRange = invertedAceIp.getSourcePortRange();
assertEquals(invertedSourcePortRange.getLowerPort(), destinationPortRange.getLowerPort());
assertEquals(invertedSourcePortRange.getUpperPort(), destinationPortRange.getUpperPort());
AceIpv6 invertedAceIpv6 = (AceIpv6) invertedAceIp.getAceIpVersion();
assertEquals(invertedAceIpv6.getDestinationIpv6Network(), aceIpv6.getSourceIpv6Network());
assertEquals(invertedAceIpv6.getSourceIpv6Network(), aceIpv6.getDestinationIpv6Network());
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRange in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method programUdpFlow.
/**
*Converts UDP matches to flows.
* @param acl the access control list
* @return the map containing the flows and the respective flow id
*/
public static Map<String, List<MatchInfoBase>> programUdpFlow(AceIp acl) {
Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
SourcePortRange sourcePortRange = acl.getSourcePortRange();
DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
if (sourcePortRange == null && destinationPortRange == null) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
String flowId = "UDP_SOURCE_ALL_";
flowMatchesMap.put(flowId, flowMatches);
return flowMatchesMap;
}
if (sourcePortRange != null) {
Map<Integer, Integer> portMaskMap = getLayer4MaskForRange(sourcePortRange.getLowerPort().getValue(), sourcePortRange.getUpperPort().getValue());
for (Entry<Integer, Integer> entry : portMaskMap.entrySet()) {
Integer port = entry.getKey();
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
Integer mask = entry.getValue();
if (mask != AclConstants.ALL_LAYER4_PORT_MASK) {
flowMatches.add(new NxMatchUdpSourcePort(port, mask));
}
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
String flowId = "UDP_SOURCE_" + port + "_" + mask;
flowMatchesMap.put(flowId, flowMatches);
}
}
if (destinationPortRange != null) {
Map<Integer, Integer> portMaskMap = getLayer4MaskForRange(destinationPortRange.getLowerPort().getValue(), destinationPortRange.getUpperPort().getValue());
for (Entry<Integer, Integer> entry : portMaskMap.entrySet()) {
Integer port = entry.getKey();
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
Integer mask = entry.getValue();
if (mask != AclConstants.ALL_LAYER4_PORT_MASK) {
flowMatches.add(new NxMatchUdpDestinationPort(port, mask));
}
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
String flowId = "UDP_DESTINATION_" + port + "_" + mask;
flowMatchesMap.put(flowId, flowMatches);
}
}
return flowMatchesMap;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRange in project netvirt by opendaylight.
the class AclServiceOFFlowBuilder method programIcmpFlow.
/**
*Converts icmp matches to flows.
* @param acl the access control list
* @return the map containing the flows and the respective flow id
*/
public static Map<String, List<MatchInfoBase>> programIcmpFlow(AceIp acl) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(addSrcIpMatches(acl));
flowMatches.addAll(addDstIpMatches(acl));
// For ICMP port range indicates type and code
SourcePortRange sourcePortRange = acl.getSourcePortRange();
String flowId = "ICMP_";
if (sourcePortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_SOURCE_" + sourcePortRange.getLowerPort().getValue() + sourcePortRange.getUpperPort().getValue();
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(sourcePortRange.getLowerPort().getValue().shortValue(), sourcePortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_SOURCE_" + sourcePortRange.getLowerPort().getValue() + "_" + sourcePortRange.getUpperPort().getValue() + "_";
}
}
DestinationPortRange destinationPortRange = acl.getDestinationPortRange();
if (destinationPortRange != null) {
if (acl.getAceIpVersion() instanceof AceIpv4) {
flowMatches.add(new MatchIcmpv4(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V4_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
} else if (acl.getAceIpVersion() instanceof AceIpv6) {
flowMatches.add(new MatchIcmpv6(destinationPortRange.getLowerPort().getValue().shortValue(), destinationPortRange.getUpperPort().getValue().shortValue()));
flowId = flowId + "V6_DESTINATION_" + destinationPortRange.getLowerPort().getValue() + destinationPortRange.getUpperPort().getValue() + "_";
}
}
if (acl.getAceIpVersion() instanceof AceIpv6 && acl.getProtocol() == NwConstants.IP_PROT_ICMP) {
// We are aligning our implementation similar to Neutron Firewall driver where a Security
// Group rule with "Ethertype as IPv6 and Protocol as icmp" is treated as ICMPV6 SG Rule.
flowMatches.add(new MatchIpProtocol(AclConstants.IP_PROT_ICMPV6));
} else {
flowMatches.add(new MatchIpProtocol(acl.getProtocol()));
}
Map<String, List<MatchInfoBase>> flowMatchesMap = new HashMap<>();
flowMatchesMap.put(flowId, flowMatches);
return flowMatchesMap;
}
use of org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.SourcePortRange in project netvirt by opendaylight.
the class AclMatchesTest method invertIpv4MatchTest.
@Test
public void invertIpv4MatchTest() {
AceIpBuilder aceIpBuilder = new AceIpBuilder();
aceIpBuilder.setProtocol(IPProtocols.UDP.shortValue());
aceIpBuilder.setDscp(new Dscp(DSCP_VALUE));
DestinationPortRangeBuilder dstPortRange = new DestinationPortRangeBuilder();
dstPortRange.setLowerPort(new PortNumber(UDP_DST_LOWER_PORT));
dstPortRange.setUpperPort(new PortNumber(UDP_DST_UPPER_PORT));
DestinationPortRange destinationPortRange = dstPortRange.build();
aceIpBuilder.setDestinationPortRange(destinationPortRange);
AceIpv4Builder aceIpv4Builder = new AceIpv4Builder();
aceIpv4Builder.setDestinationIpv4Network(new Ipv4Prefix(IPV4_DST_STR));
aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(IPV4_SRC_STR));
AceIpv4 aceIpv4 = aceIpv4Builder.build();
aceIpBuilder.setAceIpVersion(aceIpv4);
MatchesBuilder matchesBuilder = new MatchesBuilder();
AceIp aceIp = aceIpBuilder.build();
matchesBuilder.setAceType(aceIp);
Matches matches = matchesBuilder.build();
Matches invertedMatches = AclMatches.invertMatches(matches);
assertNotEquals(matches, invertedMatches);
AceIp invertedAceIp = (AceIp) invertedMatches.getAceType();
assertEquals(invertedAceIp.getDscp(), aceIp.getDscp());
assertEquals(invertedAceIp.getProtocol(), aceIp.getProtocol());
DestinationPortRange invertedDestinationPortRange = invertedAceIp.getDestinationPortRange();
assertNull(invertedDestinationPortRange);
SourcePortRange invertedSourcePortRange = invertedAceIp.getSourcePortRange();
assertEquals(invertedSourcePortRange.getLowerPort(), destinationPortRange.getLowerPort());
assertEquals(invertedSourcePortRange.getUpperPort(), destinationPortRange.getUpperPort());
AceIpv4 invertedAceIpv4 = (AceIpv4) invertedAceIp.getAceIpVersion();
assertEquals(invertedAceIpv4.getDestinationIpv4Network(), aceIpv4.getSourceIpv4Network());
assertEquals(invertedAceIpv4.getSourceIpv4Network(), aceIpv4.getDestinationIpv4Network());
}
Aggregations