use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.
the class AclServiceTestBase method newInterfaceWithDstPortRange.
@Test
public void newInterfaceWithDstPortRange() throws Exception {
LOG.info("newInterfaceWithDstPortRange - start");
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder().interfaceName(PORT_1).addAllIpPrefixOrAddress(Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
// Given
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 333, 777, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_TCP);
dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1).newMatches(matches).newDirection(DirectionEgress.class).build());
matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, 2000, 2003, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED, (short) NwConstants.IP_PROT_UDP);
dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches).newDirection(DirectionIngress.class).build());
// When
putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
asyncEventsWaiter.awaitEventsConsumption();
// Then
newInterfaceWithDstPortRangeCheck();
LOG.info("newInterfaceWithDstPortRange - end");
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.
the class AclServiceTestBase method newInterfaceWithUdpDstAcl.
@Test
public void newInterfaceWithUdpDstAcl() throws Exception {
LOG.info("newInterfaceWithUdpDstAcl - start");
newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_2));
dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder().interfaceName(PORT_1).addAllIpPrefixOrAddress(Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
dataBrokerUtil.put(new IdentifiedSubnetIpPrefixBuilder().interfaceName(PORT_2).addAllIpPrefixOrAddress(Collections.singletonList(new IpPrefixOrAddress(SUBNET_IP_PREFIX_1.toCharArray()))));
// Given
Matches matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_SPECIFIED, (short) NwConstants.IP_PROT_UDP);
dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_1).newMatches(matches).newDirection(DirectionEgress.class).build());
matches = newMatch(AclConstants.SOURCE_LOWER_PORT_UNSPECIFIED, AclConstants.SOURCE_UPPER_PORT_UNSPECIFIED, AclConstants.DEST_LOWER_PORT_HTTP, AclConstants.DEST_UPPER_PORT_HTTP, AclConstants.SOURCE_REMOTE_IP_PREFIX_SPECIFIED, AclConstants.DEST_REMOTE_IP_PREFIX_UNSPECIFIED, (short) NwConstants.IP_PROT_UDP);
dataBrokerUtil.put(new IdentifiedAceBuilder().sgUuid(SG_UUID_1).newRuleName(SR_UUID_1_2).newMatches(matches).newDirection(DirectionIngress.class).newRemoteGroupId(new Uuid(SG_UUID_1)).build());
// When
putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
asyncEventsWaiter.awaitEventsConsumption();
// Then
newInterfaceWithUdpDstAclCheck();
LOG.info("newInterfaceWithUdpDstAcl - end");
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.
the class IngressAclServiceImpl method programIpv4BroadcastRule.
/**
* Programs IPv4 broadcast rules.
*
* @param port the Acl Interface port
* @param addOrRemove whether to delete or add flow
*/
private void programIpv4BroadcastRule(AclInterface port, int addOrRemove) {
BigInteger dpId = port.getDpId();
int lportTag = port.getLPortTag();
MatchInfoBase lportMatchInfo = AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode);
List<IpPrefixOrAddress> cidrs = port.getSubnetIpPrefixes();
if (cidrs != null) {
List<String> broadcastAddresses = AclServiceUtils.getIpBroadcastAddresses(cidrs);
for (String broadcastAddress : broadcastAddresses) {
List<MatchInfoBase> matches = AclServiceUtils.buildBroadcastIpV4Matches(broadcastAddress);
matches.add(lportMatchInfo);
List<InstructionInfo> instructions = new ArrayList<>();
instructions.add(new InstructionGotoTable(getAclConntrackClassifierTable()));
String flowName = "Ingress_v4_Broadcast_" + dpId + "_" + lportTag + "_" + broadcastAddress + "_Permit";
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
} else {
LOG.warn("IP Broadcast CIDRs are missing for port {}", port.getInterfaceId());
}
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.
the class AclInterfaceStateListener method add.
@Override
protected void add(InstanceIdentifier<Interface> key, Interface added) {
if (!L2vlan.class.equals(added.getType())) {
return;
}
org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface iface;
iface = interfaceManager.getInterfaceInfoFromConfigDataStore(added.getName());
if (iface == null) {
LOG.error("No interface with name {} available in interfaceConfig, servicing interfaceState ADD" + "for ACL failed", added.getName());
return;
}
InterfaceAcl aclInPort = iface.getAugmentation(InterfaceAcl.class);
if (aclInPort == null) {
LOG.trace("Interface {} is not an ACL Interface, ignoring ADD interfaceState event", added.getName());
return;
}
AclInterface aclInterface = aclInterfaceCache.addOrUpdate(added.getName(), (prevAclInterface, builder) -> {
builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(added)).lPortTag(added.getIfIndex()).isMarkedForDelete(false);
if (AclServiceUtils.isOfInterest(prevAclInterface)) {
if (prevAclInterface.getSubnetIpPrefixes() == null) {
// For upgrades
List<IpPrefixOrAddress> subnetIpPrefixes = AclServiceUtils.getSubnetIpPrefixes(dataBroker, added.getName());
builder.subnetIpPrefixes(subnetIpPrefixes);
}
SortedSet<Integer> ingressRemoteAclTags = aclServiceUtils.getRemoteAclTags(aclInPort.getSecurityGroups(), DirectionIngress.class);
SortedSet<Integer> egressRemoteAclTags = aclServiceUtils.getRemoteAclTags(aclInPort.getSecurityGroups(), DirectionEgress.class);
builder.ingressRemoteAclTags(ingressRemoteAclTags).egressRemoteAclTags(egressRemoteAclTags);
}
});
if (AclServiceUtils.isOfInterest(aclInterface)) {
List<Uuid> aclList = aclInterface.getSecurityGroups();
if (aclList != null) {
aclDataUtil.addAclInterfaceMap(aclList, aclInterface);
}
if (aclInterface.getElanId() == null) {
LOG.debug("On Add event, skip ADD since ElanId is not updated");
return;
}
if (aclClusterUtil.isEntityOwner()) {
LOG.debug("On add event, notify ACL service manager to add ACL for interface: {}", aclInterface);
aclServiceManger.notify(aclInterface, null, Action.BIND);
if (aclList != null) {
aclServiceUtils.addAclPortsLookup(aclInterface, aclList, aclInterface.getAllowedAddressPairs());
}
aclServiceManger.notify(aclInterface, null, Action.ADD);
}
}
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress in project netvirt by opendaylight.
the class VxlanGreConntrackBasedSnatService method createOutboundTblEntryForVxlanGre.
protected void createOutboundTblEntryForVxlanGre(BigInteger dpnId, long routerId, Long extNetVpnId, List<ExternalIps> externalIps, int elanId, int addOrRemove) {
LOG.info("createOutboundTblEntryForVxlanGre: Install Outbound table flow on dpId {} for routerId {}", dpnId, routerId);
List<MatchInfoBase> matches = new ArrayList<>();
matches.add(MatchEthernetType.IPV4);
matches.add(new NxMatchCtState(TRACKED_NEW_CT_STATE, TRACKED_NEW_CT_MASK));
matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
if (externalIps.isEmpty()) {
LOG.error("createOutboundTblEntryForVxlanGre: No externalIP present for routerId {}", routerId);
return;
}
// The logic now handle only one external IP per router, others if present will be ignored.
String externalIp = externalIps.get(0).getIpAddress();
List<ActionInfo> actionsInfos = new ArrayList<>();
if (addOrRemove == NwConstants.ADD_FLOW) {
ActionSetFieldMeta actionSetFieldMeta = new ActionSetFieldMeta(MetaDataUtil.getVpnIdMetadata(extNetVpnId));
actionsInfos.add(actionSetFieldMeta);
}
List<ActionNxConntrack.NxCtAction> ctActionsListCommit = new ArrayList<>();
int rangePresent = NxActionNatRangePresent.NXNATRANGEIPV4MIN.getIntValue();
int flags = NxActionNatFlags.NXNATFSRC.getIntValue();
ActionNxConntrack.NxCtAction nxCtActionCommit = new ActionNxConntrack.NxNat(0, flags, rangePresent, new IpPrefixOrAddress(externalIp.toCharArray()).getIpAddress(), null, 0, 0);
ctActionsListCommit.add(nxCtActionCommit);
int ctCommitFlag = 1;
ActionNxConntrack actionNxConntrackSubmit = new ActionNxConntrack(ctCommitFlag, 0, elanId, NwConstants.NAPT_PFIB_TABLE, ctActionsListCommit);
actionsInfos.add(actionNxConntrackSubmit);
List<InstructionInfo> instructions = new ArrayList<>();
instructions.add(new InstructionApplyActions(actionsInfos));
String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_NEW_FLOW_PRIORITY, flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
}
Aggregations