Search in sources :

Example 11 with IpPrefixOrAddress

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.

the class AclServiceTestBase method newInterfaceWithDstPortRange.

@Test
public void newInterfaceWithDstPortRange() throws Exception {
    LOG.info("newInterfaceWithDstPortRange - start");
    newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
    dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder().interfaceName(PORT_1).addAllIpPrefixOrAddress(Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
    // Given
    Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 333, 777, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
    dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1).newMatches(matches).newDirection(DirectionEgress.class).build());
    matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 2000, 2003, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED, (short) NwConstants.IP_PROT_UDP);
    dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches).newDirection(DirectionIngress.class).build());
    // When
    putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
    asyncEventsWaiter.awaitEventsConsumption();
    // Then
    newInterfaceWithDstPortRangeCheck();
    LOG.info("newInterfaceWithDstPortRange - end");
}
Also used : Matches(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches) IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress) Test(org.junit.Test)

Example 12 with IpPrefixOrAddress

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.

the class AclServiceTestBase method newInterfaceWithUdpDstAcl.

@Test
public void newInterfaceWithUdpDstAcl() throws Exception {
    LOG.info("newInterfaceWithUdpDstAcl - start");
    newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
    newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2));
    dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder().interfaceName(PORT_1).addAllIpPrefixOrAddress(Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
    dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder().interfaceName(PORT_2).addAllIpPrefixOrAddress(Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
    // Given
    Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_UDP);
    dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1).newMatches(matches).newDirection(DirectionEgress.class).build());
    matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED, (short) NwConstants.IP_PROT_UDP);
    dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches).newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
    // When
    putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
    putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
    asyncEventsWaiter.awaitEventsConsumption();
    // Then
    newInterfaceWithUdpDstAclCheck();
    LOG.info("newInterfaceWithUdpDstAcl - end");
}
Also used : Uuid(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid) Matches(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches) IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress) DirectionIngress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress) Test(org.junit.Test)

Example 13 with IpPrefixOrAddress

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.

the class IngressAclServiceImpl method programIpv4BroadcastRule.

/**
 * Programs IPv4 broadcast rules.
 *
 * @param port the Acl Interface port
 * @param addOrRemove whether to delete or add flow
 */
private void programIpv4BroadcastRule(AclInterface port, int addOrRemove) {
    BigInteger dpId = port.getDpId();
    int lportTag = port.getLPortTag();
    MatchInfoBase lportMatchInfo = AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode);
    List<IpPrefixOrAddress> cidrs = port.getSubnetIpPrefixes();
    if (cidrs != null) {
        List<String> broadcastAddresses = AclServiceUtils.getIpBroadcastAddresses(cidrs);
        for (String broadcastAddress : broadcastAddresses) {
            List<MatchInfoBase> matches = AclServiceUtils.buildBroadcastIpV4Matches(broadcastAddress);
            matches.add(lportMatchInfo);
            List<InstructionInfo> instructions = new ArrayList<>();
            instructions.add(new InstructionGotoTable(getAclConntrackClassifierTable()));
            String flowName = "Ingress_v4_Broadcast_" + dpId + "_" + lportTag + "_" + broadcastAddress + "_Permit";
            syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
        }
    } else {
        LOG.warn("IP Broadcast CIDRs are missing for port {}", port.getInterfaceId());
    }
}
Also used : InstructionGotoTable(org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable) InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo) IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress) ArrayList(java.util.ArrayList) BigInteger(java.math.BigInteger) MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)

Example 14 with IpPrefixOrAddress

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.

the class AclInterfaceStateListener method add.

@Override
protected void add(InstanceIdentifier<Interface> key, Interface added) {
    if (!L2vlan.class.equals(added.getType())) {
        return;
    }
    org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface iface;
    iface = interfaceManager.getInterfaceInfoFromConfigDataStore(added.getName());
    if (iface == null) {
        LOG.error("No interface with name {} available in interfaceConfig, servicing interfaceState ADD" + "for ACL failed", added.getName());
        return;
    }
    InterfaceAcl aclInPort = iface.getAugmentation(InterfaceAcl.class);
    if (aclInPort == null) {
        LOG.trace("Interface {} is not an ACL Interface, ignoring ADD interfaceState event", added.getName());
        return;
    }
    AclInterface aclInterface = aclInterfaceCache.addOrUpdate(added.getName(), (prevAclInterface, builder) -> {
        builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(added)).lPortTag(added.getIfIndex()).isMarkedForDelete(false);
        if (AclServiceUtils.isOfInterest(prevAclInterface)) {
            if (prevAclInterface.getSubnetIpPrefixes() == null) {
                // For upgrades
                List<IpPrefixOrAddress> subnetIpPrefixes = AclServiceUtils.getSubnetIpPrefixes(dataBroker, added.getName());
                builder.subnetIpPrefixes(subnetIpPrefixes);
            }
            SortedSet<Integer> ingressRemoteAclTags = aclServiceUtils.getRemoteAclTags(aclInPort.getSecurityGroups(), DirectionIngress.class);
            SortedSet<Integer> egressRemoteAclTags = aclServiceUtils.getRemoteAclTags(aclInPort.getSecurityGroups(), DirectionEgress.class);
            builder.ingressRemoteAclTags(ingressRemoteAclTags).egressRemoteAclTags(egressRemoteAclTags);
        }
    });
    if (AclServiceUtils.isOfInterest(aclInterface)) {
        List<Uuid> aclList = aclInterface.getSecurityGroups();
        if (aclList != null) {
            aclDataUtil.addAclInterfaceMap(aclList, aclInterface);
        }
        if (aclInterface.getElanId() == null) {
            LOG.debug("On Add event, skip ADD since ElanId is not updated");
            return;
        }
        if (aclClusterUtil.isEntityOwner()) {
            LOG.debug("On add event, notify ACL service manager to add ACL for interface: {}", aclInterface);
            aclServiceManger.notify(aclInterface, null, Action.BIND);
            if (aclList != null) {
                aclServiceUtils.addAclPortsLookup(aclInterface, aclList, aclInterface.getAllowedAddressPairs());
            }
            aclServiceManger.notify(aclInterface, null, Action.ADD);
        }
    }
}
Also used : AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) L2vlan(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.iana._if.type.rev140508.L2vlan) IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress) InterfaceAcl(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl) Uuid(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid)

Example 15 with IpPrefixOrAddress

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.

the class VxlanGreConntrackBasedSnatService method createOutboundTblEntryForVxlanGre.

protected void createOutboundTblEntryForVxlanGre(BigInteger dpnId, long routerId, Long extNetVpnId, List<ExternalIps> externalIps, int elanId, int addOrRemove) {
    LOG.info("createOutboundTblEntryForVxlanGre: Install Outbound table flow on dpId {} for routerId {}", dpnId, routerId);
    List<MatchInfoBase> matches = new ArrayList<>();
    matches.add(MatchEthernetType.IPV4);
    matches.add(new NxMatchCtState(TRACKED_NEW_CT_STATE, TRACKED_NEW_CT_MASK));
    matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
    if (externalIps.isEmpty()) {
        LOG.error("createOutboundTblEntryForVxlanGre: No externalIP present for routerId {}", routerId);
        return;
    }
    // The logic now handle only one external IP per router, others if present will be ignored.
    String externalIp = externalIps.get(0).getIpAddress();
    List<ActionInfo> actionsInfos = new ArrayList<>();
    if (addOrRemove == NwConstants.ADD_FLOW) {
        ActionSetFieldMeta actionSetFieldMeta = new ActionSetFieldMeta(MetaDataUtil.getVpnIdMetadata(extNetVpnId));
        actionsInfos.add(actionSetFieldMeta);
    }
    List<ActionNxConntrack.NxCtAction> ctActionsListCommit = new ArrayList<>();
    int rangePresent = NxActionNatRangePresent.NXNATRANGEIPV4MIN.getIntValue();
    int flags = NxActionNatFlags.NXNATFSRC.getIntValue();
    ActionNxConntrack.NxCtAction nxCtActionCommit = new ActionNxConntrack.NxNat(0, flags, rangePresent, new IpPrefixOrAddress(externalIp.toCharArray()).getIpAddress(), null, 0, 0);
    ctActionsListCommit.add(nxCtActionCommit);
    int ctCommitFlag = 1;
    ActionNxConntrack actionNxConntrackSubmit = new ActionNxConntrack(ctCommitFlag, 0, elanId, NwConstants.NAPT_PFIB_TABLE, ctActionsListCommit);
    actionsInfos.add(actionNxConntrackSubmit);
    List<InstructionInfo> instructions = new ArrayList<>();
    instructions.add(new InstructionApplyActions(actionsInfos));
    String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
    syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_NEW_FLOW_PRIORITY, flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
}
Also used : MatchMetadata(org.opendaylight.genius.mdsalutil.matches.MatchMetadata) IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.types.rev160517.IpPrefixOrAddress) ArrayList(java.util.ArrayList) ActionInfo(org.opendaylight.genius.mdsalutil.ActionInfo) ActionNxConntrack(org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack) NxMatchCtState(org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState) ActionSetFieldMeta(org.opendaylight.genius.mdsalutil.actions.ActionSetFieldMeta) NxCtAction(org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction) InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo) NxCtAction(org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction) InstructionApplyActions(org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions) MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)

Aggregations

IpPrefixOrAddress (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)26 ArrayList (java.util.ArrayList)12 Test (org.junit.Test)12 MatchInfoBase (org.opendaylight.genius.mdsalutil.MatchInfoBase)10 Matches (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches)8 InstructionInfo (org.opendaylight.genius.mdsalutil.InstructionInfo)7 IpAddress (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress)7 IpPrefix (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix)7 MacAddress (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress)7 Uuid (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid)7 AllowedAddressPairs (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)7 InstructionGotoTable (org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable)4 ActionInfo (org.opendaylight.genius.mdsalutil.ActionInfo)3 ActionNxConntrack (org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack)3 NxCtAction (org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction)3 InstructionApplyActions (org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions)3 MatchMetadata (org.opendaylight.genius.mdsalutil.matches.MatchMetadata)3 Ipv4Prefix (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix)3 DirectionIngress (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionIngress)3 BigInteger (java.math.BigInteger)2