Search in sources :

Example 6 with AllowedAddressPairs

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.

the class EgressAclServiceImpl method egressAclDhcpAllowClientTraffic.

/**
 * Add rule to ensure only DHCP server traffic from the specified mac is allowed.
 *
 * @param dpId the dpid
 * @param allowedAddresses the allowed addresses
 * @param lportTag the lport tag
 * @param addOrRemove whether to add or remove the flow
 */
private void egressAclDhcpAllowClientTraffic(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses, int lportTag, int addOrRemove) {
    List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
    for (AllowedAddressPairs aap : allowedAddresses) {
        if (!AclServiceUtils.isIPv4Address(aap)) {
            continue;
        }
        List<MatchInfoBase> matches = new ArrayList<>();
        matches.addAll(AclServiceUtils.buildDhcpMatches(AclConstants.DHCP_CLIENT_PORT_IPV4, AclConstants.DHCP_SERVER_PORT_IPV4, lportTag, serviceMode));
        matches.add(new MatchEthernetSource(aap.getMacAddress()));
        String flowName = "Egress_DHCP_Client_v4" + dpId + "_" + lportTag + "_" + aap.getMacAddress().getValue() + "_Permit_";
        syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
    }
}
Also used : InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo) MatchEthernetSource(org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource) ArrayList(java.util.ArrayList) AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs) MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)

Example 7 with AllowedAddressPairs

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.

the class EgressAclServiceImpl method programL2BroadcastAllowRule.

/**
 * Programs Non-IP broadcast rules.
 *
 * @param port the Acl Interface port
 * @param addOrRemove whether to delete or add flow
 */
private void programL2BroadcastAllowRule(AclInterface port, int addOrRemove) {
    BigInteger dpId = port.getDpId();
    int lportTag = port.getLPortTag();
    List<AllowedAddressPairs> allowedAddresses = port.getAllowedAddressPairs();
    Set<MacAddress> macs = allowedAddresses.stream().map(aap -> aap.getMacAddress()).collect(Collectors.toSet());
    for (MacAddress mac : macs) {
        List<MatchInfoBase> matches = new ArrayList<>();
        matches.add(new MatchEthernetSource(mac));
        matches.add(AclServiceUtils.buildLPortTagMatch(lportTag, serviceMode));
        List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions();
        String flowName = "Egress_L2Broadcast_" + dpId + "_" + lportTag + "_" + mac.getValue();
        syncFlow(dpId, getAclAntiSpoofingTable(), flowName, AclConstants.PROTO_L2BROADCAST_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
    }
}
Also used : ServiceModeIngress(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeIngress) LoggerFactory(org.slf4j.LoggerFactory) MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase) AclServiceUtils(org.opendaylight.netvirt.aclservice.utils.AclServiceUtils) ArrayList(java.util.ArrayList) ServiceIndex(org.opendaylight.genius.utils.ServiceIndex) AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs) MatchEthernetSource(org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource) AclInterfaceCache(org.opendaylight.netvirt.aclservice.api.AclInterfaceCache) MatchEthernetType(org.opendaylight.genius.mdsalutil.matches.MatchEthernetType) BigInteger(java.math.BigInteger) NwConstants(org.opendaylight.genius.mdsalutil.NwConstants) MDSALUtil(org.opendaylight.genius.mdsalutil.MDSALUtil) MacAddress(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress) MatchArpSha(org.opendaylight.genius.mdsalutil.matches.MatchArpSha) AclServiceOFFlowBuilder(org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder) DirectionBase(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase) AclInterface(org.opendaylight.netvirt.aclservice.api.utils.AclInterface) MatchCriteria(org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria) BoundServices(org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices) Logger(org.slf4j.Logger) AclConstants(org.opendaylight.netvirt.aclservice.utils.AclConstants) AclDataUtil(org.opendaylight.netvirt.aclservice.utils.AclDataUtil) LogicalDatastoreType(org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType) JobCoordinator(org.opendaylight.infrautils.jobcoordinator.JobCoordinator) Set(java.util.Set) Collectors(java.util.stream.Collectors) WriteTransaction(org.opendaylight.controller.md.sal.binding.api.WriteTransaction) DataBroker(org.opendaylight.controller.md.sal.binding.api.DataBroker) List(java.util.List) InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo) InstanceIdentifier(org.opendaylight.yangtools.yang.binding.InstanceIdentifier) IMdsalApiManager(org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager) InstructionGotoTable(org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable) Action(org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action) IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress) Collections(java.util.Collections) Instruction(org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction) DirectionEgress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress) MatchEthernetSource(org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource) ArrayList(java.util.ArrayList) MacAddress(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress) InstructionInfo(org.opendaylight.genius.mdsalutil.InstructionInfo) BigInteger(java.math.BigInteger) AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs) MatchInfoBase(org.opendaylight.genius.mdsalutil.MatchInfoBase)

Example 8 with AllowedAddressPairs

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.

the class EgressAclServiceImpl method programAntiSpoofingRules.

@Override
protected void programAntiSpoofingRules(AclInterface port, List<AllowedAddressPairs> allowedAddresses, Action action, int addOrRemove) {
    LOG.info("{} programAntiSpoofingRules for port {}, AAPs={}, action={}, addOrRemove={}", this.directionString, port.getInterfaceId(), allowedAddresses, action, addOrRemove);
    BigInteger dpid = port.getDpId();
    int lportTag = port.getLPortTag();
    if (action != Action.UPDATE) {
        egressAclDhcpDropServerTraffic(dpid, lportTag, addOrRemove);
        egressAclDhcpv6DropServerTraffic(dpid, lportTag, addOrRemove);
        egressAclIcmpv6DropRouterAdvts(dpid, lportTag, addOrRemove);
        egressAclIcmpv6AllowedList(dpid, lportTag, addOrRemove);
        programL2BroadcastAllowRule(port, addOrRemove);
    }
    List<AllowedAddressPairs> filteredAAPs = AclServiceUtils.excludeMulticastAAPs(allowedAddresses);
    egressAclDhcpAllowClientTraffic(dpid, filteredAAPs, lportTag, addOrRemove);
    egressAclDhcpv6AllowClientTraffic(dpid, filteredAAPs, lportTag, addOrRemove);
    programArpRule(dpid, filteredAAPs, lportTag, addOrRemove);
}
Also used : BigInteger(java.math.BigInteger) AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)

Example 9 with AllowedAddressPairs

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.

the class AbstractAclServiceImpl method syncRemoteAclTable.

private void syncRemoteAclTable(String portId, Uuid acl, Integer aclTag, List<AllowedAddressPairs> aaps, int addOrRemove) {
    Map<String, Set<AclInterface>> mapAclWithPortSet = aclDataUtil.getRemoteAclInterfaces(acl, this.direction);
    Set<BigInteger> dpns = collectDpns(mapAclWithPortSet);
    for (AllowedAddressPairs aap : aaps) {
        if (!AclServiceUtils.isNotIpAllNetwork(aap)) {
            continue;
        }
        if (aclServiceUtils.skipDeleteInCaseOfOverlappingIP(portId, acl, aap.getIpAddress(), addOrRemove)) {
            LOG.debug("Skipping delete of IP={} in remote ACL table for remoteAclId={}, portId={}", aap.getIpAddress(), portId, acl.getValue());
            continue;
        }
        for (BigInteger dpId : dpns) {
            programRemoteAclTableFlow(dpId, aclTag, aap, addOrRemove);
        }
    }
}
Also used : SortedSet(java.util.SortedSet) Set(java.util.Set) HashSet(java.util.HashSet) BigInteger(java.math.BigInteger) AllowedAddressPairs(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)

Example 10 with AllowedAddressPairs

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs in project netvirt by opendaylight.

the class AclServiceUtilsTest method buildAAp.

private AllowedAddressPairs buildAAp(String addr) {
    AllowedAddressPairsBuilder aapb = new AllowedAddressPairsBuilder();
    aapb.setIpAddress(new IpPrefixOrAddress(addr.toCharArray()));
    aapb.setMacAddress(new MacAddress("AA:BB:CC:DD:EE:FF"));
    return aapb.build();
}
Also used : IpPrefixOrAddress(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress) AllowedAddressPairsBuilder(org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairsBuilder) MacAddress(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress)

Aggregations

AllowedAddressPairs (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs)18 ArrayList (java.util.ArrayList)14 MatchInfoBase (org.opendaylight.genius.mdsalutil.MatchInfoBase)12 IpPrefixOrAddress (org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress)12 InstructionInfo (org.opendaylight.genius.mdsalutil.InstructionInfo)9 BigInteger (java.math.BigInteger)7 MacAddress (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress)7 MatchEthernetType (org.opendaylight.genius.mdsalutil.matches.MatchEthernetType)6 List (java.util.List)5 Set (java.util.Set)5 InstructionGotoTable (org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable)5 MatchEthernetSource (org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource)5 AclInterface (org.opendaylight.netvirt.aclservice.api.utils.AclInterface)5 IpAddress (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress)5 IpPrefix (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix)5 Collections (java.util.Collections)4 HashMap (java.util.HashMap)4 HashSet (java.util.HashSet)4 SortedSet (java.util.SortedSet)4 DataBroker (org.opendaylight.controller.md.sal.binding.api.DataBroker)4