2 * Copyright (c) 2018 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.netvirt.aclservice.utils;
11 import com.google.common.collect.Lists;
12 import java.math.BigInteger;
13 import java.util.ArrayList;
14 import java.util.Collections;
15 import java.util.List;
16 import org.eclipse.jdt.annotation.Nullable;
17 import org.opendaylight.genius.infra.Datastore.Configuration;
18 import org.opendaylight.genius.infra.TypedWriteTransaction;
19 import org.opendaylight.genius.mdsalutil.ActionInfo;
20 import org.opendaylight.genius.mdsalutil.FlowEntity;
21 import org.opendaylight.genius.mdsalutil.InstructionInfo;
22 import org.opendaylight.genius.mdsalutil.MDSALUtil;
23 import org.opendaylight.genius.mdsalutil.MatchInfo;
24 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
25 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
26 import org.opendaylight.genius.mdsalutil.NwConstants;
27 import org.opendaylight.genius.mdsalutil.actions.ActionNxCtClear;
28 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
29 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
30 import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable;
31 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
32 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
33 import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6;
34 import org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol;
35 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
36 import org.opendaylight.genius.mdsalutil.matches.MatchUdpDestinationPort;
37 import org.opendaylight.genius.mdsalutil.matches.MatchUdpSourcePort;
38 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtMark;
39 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
40 import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig.DefaultBehavior;
43 import org.slf4j.Logger;
44 import org.slf4j.LoggerFactory;
47 * The transaction builder class for ACL node default flows.
49 * @author Somashekar Byrappa
51 public class AclNodeDefaultFlowsTxBuilder {
53 private static final Logger LOG = LoggerFactory.getLogger(AclNodeDefaultFlowsTxBuilder.class);
55 private final BigInteger dpId;
56 private final IMdsalApiManager mdsalManager;
57 private final AclserviceConfig config;
58 private final TypedWriteTransaction<Configuration> tx;
60 public AclNodeDefaultFlowsTxBuilder(BigInteger dpId, IMdsalApiManager mdsalManager, AclserviceConfig config,
61 TypedWriteTransaction<Configuration> tx) {
63 this.mdsalManager = mdsalManager;
69 createTableDefaultEntries();
74 * Creates the table default entries.
76 private void createTableDefaultEntries() {
77 addStatefulIngressDefaultFlows();
78 addStatefulEgressDefaultFlows();
81 private void addStatefulIngressDefaultFlows() {
82 addIngressAclTableMissFlows();
83 addIngressDropFlows();
84 addIngressAntiSpoofingTableGotoFlows();
85 addIngressConntrackClassifierFlows();
86 addIngressConntrackStateRules();
89 private void addStatefulEgressDefaultFlows() {
90 addEgressAclTableMissFlows();
92 addEgressConntrackClassifierFlows();
93 addEgressConntrackStateRules();
94 addEgressAllowBroadcastFlow();
95 addEgressCtClearRule();
99 * Adds the ingress acl table miss flows.
101 private void addIngressAclTableMissFlows() {
102 InstructionInfo writeMetatdata = AclServiceUtils.getWriteMetadataForDropFlag();
103 List<InstructionInfo> instructions = Lists.newArrayList(writeMetatdata);
104 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE,
105 NwConstants.INGRESS_ACL_COMMITTER_TABLE, instructions);
107 writeMetatdata = AclServiceUtils
108 .getWriteMetadataForAclClassifierType(AclConntrackClassifierType.NON_CONNTRACK_SUPPORTED);
109 instructions = Lists.newArrayList(writeMetatdata);
110 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE,
111 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE, instructions);
113 addDropOrAllowTableMissFlow(NwConstants.INGRESS_ACL_CONNTRACK_SENDER_TABLE,
114 NwConstants.INGRESS_ACL_FOR_EXISTING_TRAFFIC_TABLE);
115 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_ACL_FOR_EXISTING_TRAFFIC_TABLE,
116 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
117 addDropOrAllowTableMissFlow(NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE,
118 NwConstants.INGRESS_ACL_RULE_BASED_FILTER_TABLE);
119 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_ACL_RULE_BASED_FILTER_TABLE,
120 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
121 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_REMOTE_ACL_TABLE,
122 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
123 addDropOrAllowTableMissFlow(NwConstants.INGRESS_ACL_COMMITTER_TABLE, NwConstants.LPORT_DISPATCHER_TABLE);
125 LOG.debug("Added Stateful Ingress ACL Table Miss Flows for dpn {}", dpId);
129 * Adds the egress acl table miss flow.
131 private void addEgressAclTableMissFlows() {
132 // EGRESS_ACL_DUMMY_TABLE exists on egress side only.
133 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_DUMMY_TABLE, NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE);
135 InstructionInfo writeMetatdata = AclServiceUtils.getWriteMetadataForDropFlag();
136 List<InstructionInfo> instructions = Lists.newArrayList(writeMetatdata);
137 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE,
138 NwConstants.EGRESS_ACL_COMMITTER_TABLE, instructions);
140 writeMetatdata = AclServiceUtils
141 .getWriteMetadataForAclClassifierType(AclConntrackClassifierType.NON_CONNTRACK_SUPPORTED);
142 instructions = Lists.newArrayList(writeMetatdata);
143 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE,
144 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE, instructions);
146 addDropOrAllowTableMissFlow(NwConstants.EGRESS_ACL_CONNTRACK_SENDER_TABLE,
147 NwConstants.EGRESS_ACL_FOR_EXISTING_TRAFFIC_TABLE);
148 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_FOR_EXISTING_TRAFFIC_TABLE,
149 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
150 addDropOrAllowTableMissFlow(NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE,
151 NwConstants.EGRESS_ACL_RULE_BASED_FILTER_TABLE);
152 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_RULE_BASED_FILTER_TABLE,
153 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
154 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_REMOTE_ACL_TABLE,
155 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
156 addDropOrAllowTableMissFlow(NwConstants.EGRESS_ACL_COMMITTER_TABLE, NwConstants.LPORT_DISPATCHER_TABLE);
158 LOG.debug("Added Stateful Egress ACL Table Miss Flows for dpn {}", dpId);
161 private void addIngressDropFlows() {
162 List<InstructionInfo> dropInstructions = AclServiceOFFlowBuilder.getDropInstructionInfo();
163 addFlowToTx(NwConstants.INGRESS_ACL_COMMITTER_TABLE, "Ingress_Committer_Drop_Flow",
164 AclConstants.COMMITTER_TABLE_DROP_PRIORITY, getMetadataForCommitterDropFlag(), dropInstructions);
167 private void addEgressDropFlows() {
168 List<InstructionInfo> dropInstructions = AclServiceOFFlowBuilder.getDropInstructionInfo();
169 addFlowToTx(NwConstants.EGRESS_ACL_COMMITTER_TABLE, "Egress_Committer_Drop_Flow",
170 AclConstants.COMMITTER_TABLE_DROP_PRIORITY, getMetadataForCommitterDropFlag(), dropInstructions);
173 private void addIngressAntiSpoofingTableGotoFlows() {
174 InstructionInfo writeMetatdata = AclServiceUtils.getWriteMetadataForDropFlag();
175 List<InstructionInfo> gotoInstructions = AclServiceOFFlowBuilder
176 .getGotoInstructionInfo(NwConstants.INGRESS_ACL_COMMITTER_TABLE);
177 gotoInstructions.add(writeMetatdata);
179 List<MatchInfoBase> arpGotoMatches = new ArrayList<>();
180 arpGotoMatches.add(MatchEthernetType.ARP);
181 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Ingress_ACL_Table_ARP_GOTO_Flow",
182 AclConstants.PROTO_ARP_TRAFFIC_DROP_PRIORITY, arpGotoMatches, gotoInstructions);
184 List<MatchInfoBase> ipGotoMatches = new ArrayList<>();
185 ipGotoMatches.add(MatchEthernetType.IPV4);
186 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Ingress_ACL_Table_IP_GOTO_Flow",
187 AclConstants.PROTO_IP_TRAFFIC_DROP_PRIORITY, ipGotoMatches, gotoInstructions);
189 List<MatchInfoBase> ipv6GotoMatches = new ArrayList<>();
190 ipv6GotoMatches.add(MatchEthernetType.IPV6);
191 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Ingress_ACL_Table_IPv6_GOTO_Flow",
192 AclConstants.PROTO_IP_TRAFFIC_DROP_PRIORITY, ipv6GotoMatches, gotoInstructions);
194 addIngressAclDhcpServerTrafficFlow(gotoInstructions);
195 addIngressAclDhcpv6ServerTrafficFlow(gotoInstructions);
196 addIngressAclIcmpv6RouterAdvtsFlow(gotoInstructions);
199 private void addIngressAclDhcpServerTrafficFlow(List<InstructionInfo> gotoInstructions) {
200 List<MatchInfoBase> matches = new ArrayList<>();
201 matches.add(MatchEthernetType.IPV4);
202 matches.add(MatchIpProtocol.UDP);
203 matches.add(new MatchUdpDestinationPort(AclConstants.DHCP_CLIENT_PORT_IPV4));
204 matches.add(new MatchUdpSourcePort(AclConstants.DHCP_SERVER_PORT_IPV4));
206 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Egress_DHCP_Server_v4_GOTO_FLOW",
207 AclConstants.PROTO_MATCH_PRIORITY, matches, gotoInstructions);
210 private void addIngressAclDhcpv6ServerTrafficFlow(List<InstructionInfo> gotoInstructions) {
211 List<MatchInfoBase> matches = new ArrayList<>();
212 matches.add(MatchEthernetType.IPV6);
213 matches.add(MatchIpProtocol.UDP);
214 matches.add(new MatchUdpDestinationPort(AclConstants.DHCP_CLIENT_PORT_IPV6));
215 matches.add(new MatchUdpSourcePort(AclConstants.DHCP_SERVER_PORT_IPV6));
217 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Egress_DHCP_Server_v6_GOTO_FLOW",
218 AclConstants.PROTO_MATCH_PRIORITY, matches, gotoInstructions);
221 private void addIngressAclIcmpv6RouterAdvtsFlow(List<InstructionInfo> gotoInstructions) {
222 List<MatchInfoBase> matches = new ArrayList<>();
223 matches.add(MatchEthernetType.IPV6);
224 matches.add(MatchIpProtocol.ICMPV6);
225 matches.add(new MatchIcmpv6((short) AclConstants.ICMPV6_TYPE_RA, (short) 0));
227 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE,
228 "Egress_ICMPv6_" + AclConstants.ICMPV6_TYPE_RA + "_GOTO_FLOW",
229 AclConstants.PROTO_IPV6_DROP_PRIORITY, matches, gotoInstructions);
232 private List<MatchInfoBase> getMetadataForCommitterDropFlag() {
233 List<MatchInfoBase> matches = new ArrayList<>();
234 BigInteger metaData = MetaDataUtil.METADATA_MASK_ACL_DROP
235 .and(AclConstants.METADATA_DROP_FLAG.shiftLeft(2));
236 BigInteger metaDataMask = MetaDataUtil.METADATA_MASK_ACL_DROP
237 .and(AclConstants.METADATA_DROP_FLAG.shiftLeft(2));
238 matches.add(new MatchMetadata(metaData, metaDataMask));
243 private void addDropOrAllowTableMissFlow(short tableId, short nextTableId) {
244 List<MatchInfo> matches = Collections.emptyList();
245 List<InstructionInfo> instructions;
246 if (config.getDefaultBehavior() == DefaultBehavior.Deny) {
247 instructions = AclServiceOFFlowBuilder.getDropInstructionInfo();
249 instructions = getGotoOrResubmitInstructions(tableId, nextTableId);
251 addFlowToTx(tableId, getTableMissFlowId(tableId), AclConstants.ACL_TABLE_MISS_PRIORITY, matches, instructions);
254 private void addGotoOrResubmitTableMissFlow(short tableId, short nextTableId) {
255 addGotoOrResubmitTableMissFlow(tableId, nextTableId, null);
258 private void addGotoOrResubmitTableMissFlow(short tableId, short nextTableId,
259 @Nullable List<InstructionInfo> instructions) {
260 List<MatchInfoBase> matches = Collections.emptyList();
261 List<InstructionInfo> ins = getGotoOrResubmitInstructions(tableId, nextTableId);
262 if (instructions != null && !instructions.isEmpty()) {
263 ins.addAll(instructions);
265 addFlowToTx(tableId, getTableMissFlowId(tableId), AclConstants.ACL_TABLE_MISS_PRIORITY, matches, ins);
268 private List<InstructionInfo> getGotoOrResubmitInstructions(short tableId, short nextTableId) {
269 List<InstructionInfo> instructions;
270 if (tableId < nextTableId) {
271 instructions = AclServiceOFFlowBuilder.getGotoInstructionInfo(nextTableId);
273 instructions = AclServiceOFFlowBuilder.getResubmitInstructionInfo(nextTableId);
278 private void addIngressConntrackStateRules() {
279 addConntrackStateRules(NwConstants.LPORT_DISPATCHER_TABLE,
280 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
281 addConntrackUntrackedRule(NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE,
282 NwConstants.INGRESS_ACL_CONNTRACK_SENDER_TABLE);
285 private void addEgressConntrackStateRules() {
286 addConntrackStateRules(NwConstants.EGRESS_LPORT_DISPATCHER_TABLE,
287 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
288 addConntrackUntrackedRule(NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE,
289 NwConstants.EGRESS_ACL_CONNTRACK_SENDER_TABLE);
292 private void addIngressConntrackClassifierFlows() {
293 addConntrackClassifierFlows(NwConstants.INGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE,
294 NwConstants.INGRESS_ACL_CONNTRACK_SENDER_TABLE);
297 private void addEgressConntrackClassifierFlows() {
298 addConntrackClassifierFlows(NwConstants.EGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE,
299 NwConstants.EGRESS_ACL_CONNTRACK_SENDER_TABLE);
302 private void addConntrackClassifierFlows(short tableId, short gotoTableId) {
303 for (IPProtocols protocol : AclConstants.PROTOCOLS_SUPPORTED_BY_CONNTRACK) {
307 // For tcp and udp, create one flow each for IPv4 and IPv6
308 programConntrackClassifierFlow(tableId, gotoTableId, MatchEthernetType.IPV4, protocol);
309 programConntrackClassifierFlow(tableId, gotoTableId, MatchEthernetType.IPV6, protocol);
312 programConntrackClassifierFlow(tableId, gotoTableId, MatchEthernetType.IPV4, protocol);
315 programConntrackClassifierFlow(tableId, gotoTableId, MatchEthernetType.IPV6, protocol);
318 LOG.error("Invalid protocol [{}] for conntrack", protocol);
323 private void programConntrackClassifierFlow(short tableId, short gotoTableId, MatchEthernetType etherType,
324 IPProtocols protocol) {
325 String flowId = "Fixed_Conntrk_Classifier_" + dpId + "_" + tableId + "_" + etherType + "_" + protocol.name();
327 List<MatchInfoBase> matches = new ArrayList<>();
328 matches.addAll(AclServiceUtils.buildIpProtocolMatches(etherType, protocol));
330 List<InstructionInfo> instructions = AclServiceOFFlowBuilder.getGotoInstructionInfo(gotoTableId);
331 InstructionInfo writeMetatdata =
332 AclServiceUtils.getWriteMetadataForAclClassifierType(AclConntrackClassifierType.CONNTRACK_SUPPORTED);
333 instructions.add(writeMetatdata);
335 addFlowToTx(tableId, flowId, AclConstants.ACL_DEFAULT_PRIORITY, matches, instructions);
338 private void addEgressAllowBroadcastFlow() {
339 final List<MatchInfoBase> ipBroadcastMatches =
340 AclServiceUtils.buildBroadcastIpV4Matches(AclConstants.IPV4_ALL_SUBNET_BROADCAST_ADDR);
341 List<InstructionInfo> ipBroadcastInstructions =
342 AclServiceOFFlowBuilder.getGotoInstructionInfo(NwConstants.EGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE);
343 String ipBroadcastflowName = "Ingress_v4_Broadcast_" + dpId + "_Permit";
344 addFlowToTx(NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE, ipBroadcastflowName, AclConstants.PROTO_MATCH_PRIORITY,
345 ipBroadcastMatches, ipBroadcastInstructions);
347 final List<MatchInfoBase> l2BroadcastMatch = AclServiceUtils.buildL2BroadcastMatches();
348 List<InstructionInfo> l2BroadcastInstructions =
349 AclServiceOFFlowBuilder.getResubmitInstructionInfo(NwConstants.EGRESS_LPORT_DISPATCHER_TABLE);
350 String l2BroadcastflowName = "Ingress_L2_Broadcast_" + dpId + "_Permit";
351 addFlowToTx(NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE, l2BroadcastflowName,
352 AclConstants.PROTO_L2BROADCAST_TRAFFIC_MATCH_PRIORITY, l2BroadcastMatch, l2BroadcastInstructions);
355 private void addConntrackStateRules(short dispatcherTableId, short tableId) {
356 programConntrackForwardRule(AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Tracked_Established",
357 AclConstants.TRACKED_EST_CT_STATE, AclConstants.TRACKED_EST_CT_STATE_MASK,
358 dispatcherTableId, tableId, true);
359 programConntrackForwardRule(AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Tracked_Related",
360 AclConstants.TRACKED_REL_CT_STATE, AclConstants.TRACKED_REL_CT_STATE_MASK,
361 dispatcherTableId, tableId, true);
364 private void addConntrackUntrackedRule(short tableId, short gotoTableId) {
365 programConntrackUntrackedRule(AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Untracked_Related",
366 AclConstants.UNTRACKED_CT_STATE, AclConstants.TRACKED_CT_STATE_MASK, tableId, gotoTableId);
369 private void programConntrackUntrackedRule(Integer priority, String flowId, int conntrackState, int conntrackMask,
370 short tableId, short gotoTableId) {
371 List<MatchInfoBase> matches = new ArrayList<>();
372 matches.add(new NxMatchCtState(conntrackState, conntrackMask));
373 matches.add(AclServiceUtils.buildAclConntrackClassifierTypeMatch(
374 AclConntrackClassifierType.CONNTRACK_SUPPORTED));
376 List<ActionInfo> actionsInfos = new ArrayList<>();
377 actionsInfos.add(new ActionNxCtClear());
378 actionsInfos.add(new ActionNxResubmit(gotoTableId));
379 List<InstructionInfo> instructions = new ArrayList<>();
380 instructions.add(new InstructionApplyActions(actionsInfos));
381 flowId = "Fixed_Conntrk_Trk_" + dpId + "_" + flowId + gotoTableId;
382 addFlowToTx(tableId, flowId, priority, matches, instructions);
386 * Adds the rule to forward the known packets.
388 * @param priority the priority of the flow
389 * @param flowId the flowId
390 * @param conntrackState the conntrack state of the packets thats should be
392 * @param conntrackMask the conntrack mask
393 * @param dispatcherTableId the dispatcher table id
394 * @param tableId the table id
396 private void programConntrackForwardRule(Integer priority, String flowId, int conntrackState, int conntrackMask,
397 short dispatcherTableId, short tableId, boolean shouldMatchMark) {
398 List<MatchInfoBase> matches = new ArrayList<>();
399 matches.add(new NxMatchCtState(conntrackState, conntrackMask));
400 if (shouldMatchMark) {
401 matches.add(new NxMatchCtMark(AclConstants.CT_MARK_EST_STATE, AclConstants.CT_MARK_EST_STATE_MASK));
403 List<ActionInfo> actionsInfos = new ArrayList<>();
404 actionsInfos.add(new ActionNxCtClear());
405 actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
406 List<InstructionInfo> instructions = new ArrayList<>();
407 instructions.add(new InstructionApplyActions(actionsInfos));
408 flowId = "Fixed_Conntrk_Trk_" + dpId + "_" + flowId + dispatcherTableId;
409 addFlowToTx(tableId, flowId, priority, matches, instructions);
412 private void addEgressCtClearRule() {
413 List<MatchInfoBase> matches = new ArrayList<>();
414 matches.add(MatchEthernetType.IPV4);
415 List<InstructionInfo> instructions = new ArrayList<>();
416 List<ActionInfo> actionsInfos = new ArrayList<>();
417 actionsInfos.add(new ActionNxCtClear());
418 instructions.add(new InstructionApplyActions(actionsInfos));
419 instructions.add(new InstructionGotoTable(NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE));
420 String flowName = "Egress_Fixed_Ct_Clear_Table_Ipv4_" + this.dpId;
421 addFlowToTx(NwConstants.EGRESS_ACL_DUMMY_TABLE, flowName, AclConstants.ACL_DEFAULT_PRIORITY, matches,
423 matches = new ArrayList<>();
424 matches.add(MatchEthernetType.IPV6);
425 flowName = "Egress_Fixed_Ct_Clear_Table_Ipv6_" + this.dpId;
426 addFlowToTx(NwConstants.EGRESS_ACL_DUMMY_TABLE, flowName, AclConstants.ACL_DEFAULT_PRIORITY, matches,
430 private void addFlowToTx(short tableId, String flowId, int priority, List<? extends MatchInfoBase> matches,
431 List<InstructionInfo> instructions) {
434 BigInteger cookie = AclConstants.COOKIE_ACL_BASE;
435 FlowEntity flowEntity = MDSALUtil.buildFlowEntity(this.dpId, tableId, flowId, priority, flowId, idleTimeOut,
436 hardTimeOut, cookie, matches, instructions);
437 LOG.trace("Installing Acl default Flow:: DpnId: {}, flowId: {}, flowName: {}, tableId: {}", dpId, flowId,
439 mdsalManager.addFlow(tx, flowEntity);
443 * Gets the table miss flow id.
445 * @param tableId the table id
446 * @return the table miss flow id
448 private String getTableMissFlowId(short tableId) {
449 return String.valueOf(tableId);