use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.
the class EgressAclServiceImpl method egressAclDhcpAllowClientTraffic.
/**
* Add rule to ensure only DHCP server traffic from the specified mac is allowed.
*
* @param dpId the dpid
* @param allowedAddresses the allowed addresses
* @param lportTag the lport tag
* @param addOrRemove whether to add or remove the flow
*/
private void egressAclDhcpAllowClientTraffic(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses, int lportTag, int addOrRemove) {
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
for (AllowedAddressPairs aap : allowedAddresses) {
if (!AclServiceUtils.isIPv4Address(aap)) {
continue;
}
List<MatchInfoBase> matches = new ArrayList<>();
matches.addAll(AclServiceUtils.buildDhcpMatches(AclConstants.DHCP_CLIENT_PORT_IPV4, AclConstants.DHCP_SERVER_PORT_IPV4, lportTag, serviceMode));
matches.add(new MatchEthernetSource(aap.getMacAddress()));
String flowName = "Egress_DHCP_Client_v4" + dpId + "_" + lportTag + "_" + aap.getMacAddress().getValue() + "_Permit_";
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.
the class EgressAclServiceImpl method programL2BroadcastAllowRule.
/**
* Programs Non-IP broadcast rules.
*
* @param port the Acl Interface port
* @param addOrRemove whether to delete or add flow
*/
private void programL2BroadcastAllowRule(AclInterface port, int addOrRemove) {
BigInteger dpId = port.getDpId();
int lportTag = port.getLPortTag();
List<AllowedAddressPairs> allowedAddresses = port.getAllowedAddressPairs();
Set<MacAddress> macs = allowedAddresses.stream().map(aap -> aap.getMacAddress()).collect(Collectors.toSet());
for (MacAddress mac : macs) {
List<MatchInfoBase> matches = new ArrayList<>();
matches.add(new MatchEthernetSource(mac));
matches.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
String flowName = "Egress_L2Broadcast_" + dpId + "_" + lportTag + "_" + mac.getValue();
syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_L2BROADCAST_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.
the class EgressAclServiceImpl method programAntiSpoofingRules.
@Override
protected void programAntiSpoofingRules(AclInterface port, List<AllowedAddressPairs> allowedAddresses, Action action, int addOrRemove) {
LOG.info("{} programAntiSpoofingRules for port {}, AAPs={}, action={}, addOrRemove={}", this.directionString, port.getInterfaceId(), allowedAddresses, action, addOrRemove);
BigInteger dpid = port.getDpId();
int lportTag = port.getLPortTag();
if (action != Action.UPDATE) {
egressAclDhcpDropServerTraffic(dpid, lportTag, addOrRemove);
egressAclDhcpv6DropServerTraffic(dpid, lportTag, addOrRemove);
egressAclIcmpv6DropRouterAdvts(dpid, lportTag, addOrRemove);
egressAclIcmpv6AllowedList(dpid, lportTag, addOrRemove);
programL2BroadcastAllowRule(port, addOrRemove);
}
List<AllowedAddressPairs> filteredAAPs = AclServiceUtils.excludeMulticastAAPs(allowedAddresses);
egressAclDhcpAllowClientTraffic(dpid, filteredAAPs, lportTag, addOrRemove);
egressAclDhcpv6AllowClientTraffic(dpid, filteredAAPs, lportTag, addOrRemove);
programArpRule(dpid, filteredAAPs, lportTag, addOrRemove);
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.
the class AbstractAclServiceImpl method syncRemoteAclTable.
private void syncRemoteAclTable(String portId, Uuid acl, Integer aclTag, List<AllowedAddressPairs> aaps, int addOrRemove) {
Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getRemoteAclInterfaces(acl, this.direction);
Set<BigInteger> dpns = collectDpns(mapAclWithPortSet);
for (AllowedAddressPairs aap : aaps) {
if (!AclServiceUtils.isNotIpAllNetwork(aap)) {
continue;
}
if (aclServiceUtils.skipDeleteInCaseOfOverlappingIP(portId, acl, aap.getIpAddress(), addOrRemove)) {
LOG.debug("Skipping delete of IP={} in remote ACL table for remoteAclId={}, portId={}", aap.getIpAddress(), portId, acl.getValue());
continue;
}
for (BigInteger dpId : dpns) {
programRemoteAclTableFlow(dpId, aclTag, aap, addOrRemove);
}
}
}
use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.
the class AclServiceUtilsTest method buildAAp.
private AllowedAddressPairs buildAAp(String addr) {
AllowedAddressPairsBuilder aapb = new AllowedAddressPairsBuilder();
aapb.setIpAddress(new IpPrefixOrAddress(addr.toCharArray()));
aapb.setMacAddress(new MacAddress("AA:BB:CC:DD:EE:FF"));
return aapb.build();
}
Aggregations