aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclConstants.java

   1 /*
   2  * Copyright (c) 2016 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.netvirt.aclservice.utils;
  10
  11 import com.google.common.collect.ImmutableList;
  12 import java.math.BigInteger;
  13 import java.util.ArrayList;
  14 import java.util.List;
  15 import org.opendaylight.genius.mdsalutil.NwConstants;
  16 import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
  17 import org.opendaylight.yangtools.yang.common.Uint64;
  18
  19 /**
  20  * The class to have ACL related constants.
  21  */
  22 public interface AclConstants {
  23
  24     // TODO: Temporarily having below two constants until they are renamed in NwConstants itself.
  25     String INGRESS_ACL_SERVICE_NAME = NwConstants.ACL_SERVICE_NAME;
  26     short INGRESS_ACL_SERVICE_INDEX = NwConstants.ACL_SERVICE_INDEX;
  27
  28     Integer PROTO_IPV6_DROP_PRIORITY = 63020;
  29     Integer PROTO_IPV6_ALLOWED_PRIORITY = 63010;
  30     Integer PROTO_DHCP_SERVER_MATCH_PRIORITY = 63010;
  31     Integer PROTO_DHCP_SERVER_DROP_PRIORITY = 62020;
  32     Integer PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY = 63010;
  33     Integer PROTO_ARP_TRAFFIC_MATCH_PRIORITY = 63010;
  34     Integer PROTO_ARP_TRAFFIC_DROP_PRIORITY = 63009;
  35     Integer PROTO_L2BROADCAST_TRAFFIC_MATCH_PRIORITY = 61005;
  36     Integer PROTO_MATCH_PRIORITY = 61010;
  37     Integer PROTO_IP_TRAFFIC_DROP_PRIORITY = 61009;
  38     Integer PROTO_PREFIX_MATCH_PRIORITY = 61008;
  39
  40     Integer CT_STATE_UNTRACKED_PRIORITY = 340;
  41     Integer CT_STATE_TRACKED_EXIST_PRIORITY = 62030;
  42     Integer CT_STATE_TRACKED_INVALID_PRIORITY = 62020;
  43     Integer CT_STATE_TRACKED_NEW_PRIORITY = 310;
  44     Integer CT_STATE_TRACKED_NEW_DROP_PRIORITY = 50;
  45     Integer NO_PRIORITY = 50;
  46
  47     Integer COMMITTER_TABLE_DROP_PRIORITY = 62019;
  48
  49     Integer ACE_DEFAULT_PRIORITY = 1000;
  50     Integer ACE_LAST_REMOTE_ACL_PRIORITY = 230;
  51     Integer ACE_GOTO_NEXT_REMOTE_ACL_PRIORITY = 220;
  52     Integer ACE_FIRST_REMOTE_ACL_PRIORITY = 210;
  53     Integer ACL_DEFAULT_PRIORITY = 100;
  54     Integer ACL_PORT_SPECIFIC_DROP_PRIORITY = 50;
  55     Integer ACL_TABLE_MISS_PRIORITY = 0;
  56
  57     short DHCP_CLIENT_PORT_IPV4 = 68;
  58     short DHCP_SERVER_PORT_IPV4 = 67;
  59     short DHCP_CLIENT_PORT_IPV6 = 546;
  60     short DHCP_SERVER_PORT_IPV6 = 547;
  61
  62     Uint64 COOKIE_ACL_BASE = Uint64.valueOf("6900000", 16).intern();
  63     Uint64 COOKIE_ACL_DROP_FLOW = Uint64.valueOf("6900001", 16).intern();
  64     Uint64 METADATA_DROP_FLAG = Uint64.valueOf(BigInteger.ONE).intern();
  65
  66     int TRACKED_EST_CT_STATE = 0x22;
  67     int TRACKED_REL_CT_STATE = 0x24;
  68     int TRACKED_NEW_CT_STATE = 0x21;
  69     int TRACKED_INV_CT_STATE = 0x30;
  70     int TRACKED_RPL_CT_STATE = 0x20;
  71     int TRACKED_CT_STATE = 0x20;
  72     int UNTRACKED_CT_STATE = 0x00;
  73
  74     int TRACKED_EST_CT_STATE_MASK = 0x37;
  75     int TRACKED_REL_CT_STATE_MASK = 0x37;
  76     int TRACKED_NEW_CT_STATE_MASK = 0x21;
  77     int TRACKED_INV_CT_STATE_MASK = 0x30;
  78     int TRACKED_RPL_CT_STATE_MASK = 0x28;
  79     int TRACKED_CT_STATE_MASK = 0x20;
  80
  81     int CT_MARK_NEW_STATE = 0x0;
  82     int CT_MARK_EST_STATE = 0x1;
  83     int CT_MARK_EST_STATE_MASK = 0x1;
  84
  85     String IPV4_ALL_NETWORK = "0.0.0.0/0";
  86     String IPV6_ALL_NETWORK = "::/0";
  87     String IPV6_LINK_LOCAL_PREFIX = "fe80::/10";
  88     String BROADCAST_MAC = "ff:ff:ff:ff:ff:ff";
  89     String IPV4_ALL_SUBNET_BROADCAST_ADDR = "255.255.255.255";
  90
  91     long TCP_FLAG_SYN = 1 << 1;
  92     long TCP_FLAG_ACK = 1 << 4;
  93     long TCP_FLAG_SYN_ACK = TCP_FLAG_SYN + TCP_FLAG_ACK;
  94     int ALL_LAYER4_PORT = 65535;
  95     int ALL_LAYER4_PORT_MASK = 0x0000;
  96
  97     Short IP_PROT_ICMPV6 = 58;
  98     int ICMPV4_TYPE_ECHO_REQUEST = 8;
  99     int ICMPV4_TYPE_ECHO_REPLY = 0;
 100     int ICMPV6_TYPE_ECHO_REQUEST = 128;
 101     int ICMPV6_TYPE_ECHO_REPLY = 129;
 102     int ICMPV6_TYPE_MLD_QUERY = 130;
 103     int ICMPV6_TYPE_RS = 133;
 104     int ICMPV6_TYPE_RA = 134;
 105     int ICMPV6_TYPE_NS = 135;
 106     int ICMPV6_TYPE_NA = 136;
 107     int ICMPV6_TYPE_MLD2_REPORT = 143;
 108
 109     int SECURITY_GROUP_ICMP_IDLE_TIME_OUT = 30;
 110
 111     String ACL_TAG_POOL_NAME = "ACL-TAG-POOL";
 112     long ACL_TAG_POOL_START = 1L;
 113     long ACL_TAG_POOL_END = 10000L;
 114
 115     int SOURCE_LOWER_PORT_UNSPECIFIED = -1;
 116     int SOURCE_UPPER_PORT_UNSPECIFIED = -1;
 117     int DEST_LOWER_PORT_UNSPECIFIED = -1;
 118     int DEST_UPPER_PORT_UNSPECIFIED = -1;
 119     int DEST_LOWER_PORT_HTTP = 80;
 120     int DEST_LOWER_PORT_2 = 2;
 121     int DEST_UPPER_PORT_3 = 3;
 122     int DEST_UPPER_PORT_HTTP = 80;
 123     int SOURCE_REMOTE_IP_PREFIX_SPECIFIED = 1;
 124     int SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED = -1;
 125     int DEST_REMOTE_IP_PREFIX_SPECIFIED = 1;
 126     int DEST_REMOTE_IP_PREFIX_UNSPECIFIED = -1;
 127     int INVALID_ACL_TAG = -1;
 128
 129     String ACL_SYNC_KEY_EXT = "-acl";
 130     int JOB_MAX_RETRIES = 3;
 131     int ACEDELETE_MAX_RETRIES = 3;
 132     int FLOWS_PER_TRANSACTION = 30;
 133     int ACES_PER_TRANSACTION = 30;
 134
 135     String ACL_JOB_KEY_PREFIX = "ACL-";
 136
 137     List<IPProtocols> PROTOCOLS_SUPPORTED_BY_CONNTRACK =
 138             ImmutableList.of(IPProtocols.TCP, IPProtocols.UDP, IPProtocols.ICMP, IPProtocols.IPV6ICMP);
 139
 140     static List<Integer> allowedIcmpv6NdList() {
 141         List<Integer> icmpv6NdList = new ArrayList<>();
 142         icmpv6NdList.add(ICMPV6_TYPE_RS);
 143         icmpv6NdList.add(ICMPV6_TYPE_NS);
 144         icmpv6NdList.add(ICMPV6_TYPE_NA);
 145         return icmpv6NdList;
 146     }
 147 }