2 * Copyright (c) 2018 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.netvirt.aclservice.utils;
11 import com.google.common.collect.Lists;
12 import java.util.ArrayList;
13 import java.util.Collections;
14 import java.util.List;
15 import org.eclipse.jdt.annotation.Nullable;
16 import org.opendaylight.genius.infra.Datastore.Configuration;
17 import org.opendaylight.genius.infra.TypedWriteTransaction;
18 import org.opendaylight.genius.mdsalutil.ActionInfo;
19 import org.opendaylight.genius.mdsalutil.FlowEntity;
20 import org.opendaylight.genius.mdsalutil.InstructionInfo;
21 import org.opendaylight.genius.mdsalutil.MDSALUtil;
22 import org.opendaylight.genius.mdsalutil.MatchInfo;
23 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
24 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
25 import org.opendaylight.genius.mdsalutil.NwConstants;
26 import org.opendaylight.genius.mdsalutil.actions.ActionNxCtClear;
27 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
28 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
29 import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable;
30 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
31 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
32 import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6;
33 import org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol;
34 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
35 import org.opendaylight.genius.mdsalutil.matches.MatchUdpDestinationPort;
36 import org.opendaylight.genius.mdsalutil.matches.MatchUdpSourcePort;
37 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtMark;
38 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
39 import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig.DefaultBehavior;
42 import org.opendaylight.yangtools.yang.common.Uint64;
43 import org.slf4j.Logger;
44 import org.slf4j.LoggerFactory;
47 * The transaction builder class for ACL node default flows.
49 * @author Somashekar Byrappa
51 public class AclNodeDefaultFlowsTxBuilder {
53 private static final Logger LOG = LoggerFactory.getLogger(AclNodeDefaultFlowsTxBuilder.class);
55 private final Uint64 dpId;
56 private final IMdsalApiManager mdsalManager;
57 private final AclserviceConfig config;
58 private final TypedWriteTransaction<Configuration> tx;
60 public AclNodeDefaultFlowsTxBuilder(Uint64 dpId, IMdsalApiManager mdsalManager, AclserviceConfig config,
61 TypedWriteTransaction<Configuration> tx) {
63 this.mdsalManager = mdsalManager;
69 createTableDefaultEntries();
74 * Creates the table default entries.
76 private void createTableDefaultEntries() {
77 addStatefulIngressDefaultFlows();
78 addStatefulEgressDefaultFlows();
81 private void addStatefulIngressDefaultFlows() {
82 addIngressAclTableMissFlows();
83 addIngressDropFlows();
84 addIngressAntiSpoofingTableGotoFlows();
85 addIngressConntrackClassifierFlows();
86 addIngressConntrackStateRules();
89 private void addStatefulEgressDefaultFlows() {
90 addEgressAclTableMissFlows();
92 addEgressConntrackClassifierFlows();
93 addEgressConntrackStateRules();
94 addEgressAllowBroadcastFlow();
95 addEgressCtClearRule();
99 * Adds the ingress acl table miss flows.
101 private void addIngressAclTableMissFlows() {
102 InstructionInfo writeMetatdata = AclServiceUtils.getWriteMetadataForDropFlag();
103 List<InstructionInfo> instructions = Lists.newArrayList(writeMetatdata);
104 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE,
105 NwConstants.INGRESS_ACL_COMMITTER_TABLE, instructions);
107 writeMetatdata = AclServiceUtils
108 .getWriteMetadataForAclClassifierType(AclConntrackClassifierType.NON_CONNTRACK_SUPPORTED);
109 instructions = Lists.newArrayList(writeMetatdata);
110 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE,
111 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE, instructions);
113 addDropOrAllowTableMissFlow(NwConstants.INGRESS_ACL_CONNTRACK_SENDER_TABLE,
114 NwConstants.INGRESS_ACL_FOR_EXISTING_TRAFFIC_TABLE);
115 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_ACL_FOR_EXISTING_TRAFFIC_TABLE,
116 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
117 addDropOrAllowTableMissFlow(NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE,
118 NwConstants.INGRESS_ACL_RULE_BASED_FILTER_TABLE);
119 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_ACL_RULE_BASED_FILTER_TABLE,
120 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
121 addGotoOrResubmitTableMissFlow(NwConstants.INGRESS_REMOTE_ACL_TABLE,
122 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
123 addDropOrAllowTableMissFlow(NwConstants.INGRESS_ACL_COMMITTER_TABLE, NwConstants.LPORT_DISPATCHER_TABLE);
125 LOG.debug("Added Stateful Ingress ACL Table Miss Flows for dpn {}", dpId);
129 * Adds the egress acl table miss flow.
131 private void addEgressAclTableMissFlows() {
132 // EGRESS_ACL_DUMMY_TABLE exists on egress side only.
133 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_DUMMY_TABLE, NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE);
135 InstructionInfo writeMetatdata = AclServiceUtils.getWriteMetadataForDropFlag();
136 List<InstructionInfo> instructions = Lists.newArrayList(writeMetatdata);
137 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE,
138 NwConstants.EGRESS_ACL_COMMITTER_TABLE, instructions);
140 writeMetatdata = AclServiceUtils
141 .getWriteMetadataForAclClassifierType(AclConntrackClassifierType.NON_CONNTRACK_SUPPORTED);
142 instructions = Lists.newArrayList(writeMetatdata);
143 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE,
144 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE, instructions);
146 addDropOrAllowTableMissFlow(NwConstants.EGRESS_ACL_CONNTRACK_SENDER_TABLE,
147 NwConstants.EGRESS_ACL_FOR_EXISTING_TRAFFIC_TABLE);
148 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_FOR_EXISTING_TRAFFIC_TABLE,
149 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
150 addDropOrAllowTableMissFlow(NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE,
151 NwConstants.EGRESS_ACL_RULE_BASED_FILTER_TABLE);
152 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_ACL_RULE_BASED_FILTER_TABLE,
153 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
154 addGotoOrResubmitTableMissFlow(NwConstants.EGRESS_REMOTE_ACL_TABLE,
155 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
156 addDropOrAllowTableMissFlow(NwConstants.EGRESS_ACL_COMMITTER_TABLE, NwConstants.LPORT_DISPATCHER_TABLE);
158 LOG.debug("Added Stateful Egress ACL Table Miss Flows for dpn {}", dpId);
161 private void addIngressDropFlows() {
162 List<InstructionInfo> dropInstructions = AclServiceOFFlowBuilder.getDropInstructionInfo();
163 addFlowToTx(NwConstants.INGRESS_ACL_COMMITTER_TABLE, "Ingress_Committer_Drop_Flow",
164 AclConstants.COMMITTER_TABLE_DROP_PRIORITY, getMetadataForCommitterDropFlag(), dropInstructions);
167 private void addEgressDropFlows() {
168 List<InstructionInfo> dropInstructions = AclServiceOFFlowBuilder.getDropInstructionInfo();
169 addFlowToTx(NwConstants.EGRESS_ACL_COMMITTER_TABLE, "Egress_Committer_Drop_Flow",
170 AclConstants.COMMITTER_TABLE_DROP_PRIORITY, getMetadataForCommitterDropFlag(), dropInstructions);
173 private void addIngressAntiSpoofingTableGotoFlows() {
174 InstructionInfo writeMetatdata = AclServiceUtils.getWriteMetadataForDropFlag();
175 List<InstructionInfo> gotoInstructions = AclServiceOFFlowBuilder
176 .getGotoInstructionInfo(NwConstants.INGRESS_ACL_COMMITTER_TABLE);
177 gotoInstructions.add(writeMetatdata);
179 List<MatchInfoBase> arpGotoMatches = new ArrayList<>();
180 arpGotoMatches.add(MatchEthernetType.ARP);
181 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Ingress_ACL_Table_ARP_GOTO_Flow",
182 AclConstants.PROTO_ARP_TRAFFIC_DROP_PRIORITY, arpGotoMatches, gotoInstructions);
184 List<MatchInfoBase> ipGotoMatches = new ArrayList<>();
185 ipGotoMatches.add(MatchEthernetType.IPV4);
186 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Ingress_ACL_Table_IP_GOTO_Flow",
187 AclConstants.PROTO_IP_TRAFFIC_DROP_PRIORITY, ipGotoMatches, gotoInstructions);
189 List<MatchInfoBase> ipv6GotoMatches = new ArrayList<>();
190 ipv6GotoMatches.add(MatchEthernetType.IPV6);
191 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Ingress_ACL_Table_IPv6_GOTO_Flow",
192 AclConstants.PROTO_IP_TRAFFIC_DROP_PRIORITY, ipv6GotoMatches, gotoInstructions);
194 addIngressAclDhcpServerTrafficFlow(gotoInstructions);
195 addIngressAclDhcpv6ServerTrafficFlow(gotoInstructions);
196 addIngressAclIcmpv6RouterAdvtsFlow(gotoInstructions);
199 private void addIngressAclDhcpServerTrafficFlow(List<InstructionInfo> gotoInstructions) {
200 List<MatchInfoBase> matches = new ArrayList<>();
201 matches.add(MatchEthernetType.IPV4);
202 matches.add(MatchIpProtocol.UDP);
203 matches.add(new MatchUdpDestinationPort(AclConstants.DHCP_CLIENT_PORT_IPV4));
204 matches.add(new MatchUdpSourcePort(AclConstants.DHCP_SERVER_PORT_IPV4));
206 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Egress_DHCP_Server_v4_GOTO_FLOW",
207 AclConstants.PROTO_MATCH_PRIORITY, matches, gotoInstructions);
210 private void addIngressAclDhcpv6ServerTrafficFlow(List<InstructionInfo> gotoInstructions) {
211 List<MatchInfoBase> matches = new ArrayList<>();
212 matches.add(MatchEthernetType.IPV6);
213 matches.add(MatchIpProtocol.UDP);
214 matches.add(new MatchUdpDestinationPort(AclConstants.DHCP_CLIENT_PORT_IPV6));
215 matches.add(new MatchUdpSourcePort(AclConstants.DHCP_SERVER_PORT_IPV6));
217 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE, "Egress_DHCP_Server_v6_GOTO_FLOW",
218 AclConstants.PROTO_MATCH_PRIORITY, matches, gotoInstructions);
221 private void addIngressAclIcmpv6RouterAdvtsFlow(List<InstructionInfo> gotoInstructions) {
222 List<MatchInfoBase> matches = new ArrayList<>();
223 matches.add(MatchEthernetType.IPV6);
224 matches.add(MatchIpProtocol.ICMPV6);
225 matches.add(new MatchIcmpv6((short) AclConstants.ICMPV6_TYPE_RA, (short) 0));
227 addFlowToTx(NwConstants.INGRESS_ACL_ANTI_SPOOFING_TABLE,
228 "Egress_ICMPv6_" + AclConstants.ICMPV6_TYPE_RA + "_GOTO_FLOW",
229 AclConstants.PROTO_IPV6_DROP_PRIORITY, matches, gotoInstructions);
232 private List<MatchInfoBase> getMetadataForCommitterDropFlag() {
233 List<MatchInfoBase> matches = new ArrayList<>();
234 Uint64 metaData = Uint64.fromLongBits(MetaDataUtil.METADATA_MASK_ACL_DROP.longValue()
235 & (AclConstants.METADATA_DROP_FLAG.longValue() << 2));
236 Uint64 metaDataMask = Uint64.fromLongBits(MetaDataUtil.METADATA_MASK_ACL_DROP.longValue()
237 & (AclConstants.METADATA_DROP_FLAG.longValue() << 2));
238 matches.add(new MatchMetadata(metaData, metaDataMask));
243 private void addDropOrAllowTableMissFlow(short tableId, short nextTableId) {
244 List<MatchInfo> matches = Collections.emptyList();
245 List<InstructionInfo> instructions;
246 if (config.getDefaultBehavior() == DefaultBehavior.Deny) {
247 instructions = AclServiceOFFlowBuilder.getDropInstructionInfo();
249 instructions = getGotoOrResubmitInstructions(tableId, nextTableId);
251 addFlowToTx(tableId, getTableMissFlowId(tableId), AclConstants.ACL_TABLE_MISS_PRIORITY, matches, instructions);
254 private void addGotoOrResubmitTableMissFlow(short tableId, short nextTableId) {
255 addGotoOrResubmitTableMissFlow(tableId, nextTableId, null);
258 private void addGotoOrResubmitTableMissFlow(short tableId, short nextTableId,
259 @Nullable List<InstructionInfo> instructions) {
260 List<MatchInfoBase> matches = Collections.emptyList();
261 List<InstructionInfo> ins = getGotoOrResubmitInstructions(tableId, nextTableId);
262 if (instructions != null && !instructions.isEmpty()) {
263 ins.addAll(instructions);
265 addFlowToTx(tableId, getTableMissFlowId(tableId), AclConstants.ACL_TABLE_MISS_PRIORITY, matches, ins);
268 private List<InstructionInfo> getGotoOrResubmitInstructions(short tableId, short nextTableId) {
269 List<InstructionInfo> instructions;
270 if (tableId < nextTableId) {
271 instructions = AclServiceOFFlowBuilder.getGotoInstructionInfo(nextTableId);
273 instructions = AclServiceOFFlowBuilder.getResubmitInstructionInfo(nextTableId);
278 private void addIngressConntrackStateRules() {
279 addConntrackStateRules(NwConstants.LPORT_DISPATCHER_TABLE,
280 NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
281 addConntrackUntrackedRule(NwConstants.INGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE,
282 NwConstants.INGRESS_ACL_CONNTRACK_SENDER_TABLE);
285 private void addEgressConntrackStateRules() {
286 addConntrackStateRules(NwConstants.EGRESS_LPORT_DISPATCHER_TABLE,
287 NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE);
288 addConntrackUntrackedRule(NwConstants.EGRESS_ACL_FILTER_CUM_DISPATCHER_TABLE,
289 NwConstants.EGRESS_ACL_CONNTRACK_SENDER_TABLE);
292 private void addIngressConntrackClassifierFlows() {
293 addConntrackClassifierFlows(NwConstants.INGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE,
294 NwConstants.INGRESS_ACL_CONNTRACK_SENDER_TABLE);
297 private void addEgressConntrackClassifierFlows() {
298 addConntrackClassifierFlows(NwConstants.EGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE,
299 NwConstants.EGRESS_ACL_CONNTRACK_SENDER_TABLE);
302 private void addConntrackClassifierFlows(short tableId, short gotoTableId) {
303 for (IPProtocols protocol : AclConstants.PROTOCOLS_SUPPORTED_BY_CONNTRACK) {
307 // For tcp and udp, create one flow each for IPv4 and IPv6
308 programConntrackClassifierFlow(tableId, gotoTableId, MatchEthernetType.IPV4, protocol);
309 programConntrackClassifierFlow(tableId, gotoTableId, MatchEthernetType.IPV6, protocol);
312 programConntrackClassifierFlow(tableId, gotoTableId, MatchEthernetType.IPV4, protocol);
315 programConntrackClassifierFlow(tableId, gotoTableId, MatchEthernetType.IPV6, protocol);
318 LOG.error("Invalid protocol [{}] for conntrack", protocol);
323 private void programConntrackClassifierFlow(short tableId, short gotoTableId, MatchEthernetType etherType,
324 IPProtocols protocol) {
325 String flowId = "Fixed_Conntrk_Classifier_" + dpId.toString() + "_"
326 + tableId + "_" + etherType + "_" + protocol.name();
328 List<MatchInfoBase> matches = new ArrayList<>();
329 matches.addAll(AclServiceUtils.buildIpProtocolMatches(etherType, protocol));
331 List<InstructionInfo> instructions = AclServiceOFFlowBuilder.getGotoInstructionInfo(gotoTableId);
332 InstructionInfo writeMetatdata =
333 AclServiceUtils.getWriteMetadataForAclClassifierType(AclConntrackClassifierType.CONNTRACK_SUPPORTED);
334 instructions.add(writeMetatdata);
336 addFlowToTx(tableId, flowId, AclConstants.ACL_DEFAULT_PRIORITY, matches, instructions);
339 private void addEgressAllowBroadcastFlow() {
340 final List<MatchInfoBase> ipBroadcastMatches =
341 AclServiceUtils.buildBroadcastIpV4Matches(AclConstants.IPV4_ALL_SUBNET_BROADCAST_ADDR);
342 List<InstructionInfo> ipBroadcastInstructions =
343 AclServiceOFFlowBuilder.getGotoInstructionInfo(NwConstants.EGRESS_ACL_CONNTRACK_CLASSIFIER_TABLE);
344 String ipBroadcastflowName = "Ingress_v4_Broadcast_" + dpId.toString() + "_Permit";
345 addFlowToTx(NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE, ipBroadcastflowName, AclConstants.PROTO_MATCH_PRIORITY,
346 ipBroadcastMatches, ipBroadcastInstructions);
348 final List<MatchInfoBase> l2BroadcastMatch = AclServiceUtils.buildL2BroadcastMatches();
349 List<InstructionInfo> l2BroadcastInstructions =
350 AclServiceOFFlowBuilder.getResubmitInstructionInfo(NwConstants.EGRESS_LPORT_DISPATCHER_TABLE);
351 String l2BroadcastflowName = "Ingress_L2_Broadcast_" + dpId.toString() + "_Permit";
352 addFlowToTx(NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE, l2BroadcastflowName,
353 AclConstants.PROTO_L2BROADCAST_TRAFFIC_MATCH_PRIORITY, l2BroadcastMatch, l2BroadcastInstructions);
356 private void addConntrackStateRules(short dispatcherTableId, short tableId) {
357 programConntrackForwardRule(AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Tracked_Established",
358 AclConstants.TRACKED_EST_CT_STATE, AclConstants.TRACKED_EST_CT_STATE_MASK,
359 dispatcherTableId, tableId, true);
360 programConntrackForwardRule(AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Tracked_Related",
361 AclConstants.TRACKED_REL_CT_STATE, AclConstants.TRACKED_REL_CT_STATE_MASK,
362 dispatcherTableId, tableId, true);
365 private void addConntrackUntrackedRule(short tableId, short gotoTableId) {
366 programConntrackUntrackedRule(AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Untracked_Related",
367 AclConstants.UNTRACKED_CT_STATE, AclConstants.TRACKED_CT_STATE_MASK, tableId, gotoTableId);
370 private void programConntrackUntrackedRule(Integer priority, String flowId, int conntrackState, int conntrackMask,
371 short tableId, short gotoTableId) {
372 List<MatchInfoBase> matches = new ArrayList<>();
373 matches.add(new NxMatchCtState(conntrackState, conntrackMask));
374 matches.add(AclServiceUtils.buildAclConntrackClassifierTypeMatch(
375 AclConntrackClassifierType.CONNTRACK_SUPPORTED));
377 List<ActionInfo> actionsInfos = new ArrayList<>();
378 actionsInfos.add(new ActionNxCtClear());
379 actionsInfos.add(new ActionNxResubmit(gotoTableId));
380 List<InstructionInfo> instructions = new ArrayList<>();
381 instructions.add(new InstructionApplyActions(actionsInfos));
382 flowId = "Fixed_Conntrk_Trk_" + dpId.toString() + "_" + flowId + gotoTableId;
383 addFlowToTx(tableId, flowId, priority, matches, instructions);
387 * Adds the rule to forward the known packets.
389 * @param priority the priority of the flow
390 * @param flowId the flowId
391 * @param conntrackState the conntrack state of the packets thats should be
393 * @param conntrackMask the conntrack mask
394 * @param dispatcherTableId the dispatcher table id
395 * @param tableId the table id
397 private void programConntrackForwardRule(Integer priority, String flowId, int conntrackState, int conntrackMask,
398 short dispatcherTableId, short tableId, boolean shouldMatchMark) {
399 List<MatchInfoBase> matches = new ArrayList<>();
400 matches.add(new NxMatchCtState(conntrackState, conntrackMask));
401 if (shouldMatchMark) {
402 matches.add(new NxMatchCtMark(AclConstants.CT_MARK_EST_STATE, AclConstants.CT_MARK_EST_STATE_MASK));
404 List<ActionInfo> actionsInfos = new ArrayList<>();
405 actionsInfos.add(new ActionNxCtClear());
406 actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
407 List<InstructionInfo> instructions = new ArrayList<>();
408 instructions.add(new InstructionApplyActions(actionsInfos));
409 flowId = "Fixed_Conntrk_Trk_" + dpId.toString() + "_" + flowId + dispatcherTableId;
410 addFlowToTx(tableId, flowId, priority, matches, instructions);
413 private void addEgressCtClearRule() {
414 List<MatchInfoBase> matches = new ArrayList<>();
415 matches.add(MatchEthernetType.IPV4);
416 List<InstructionInfo> instructions = new ArrayList<>();
417 List<ActionInfo> actionsInfos = new ArrayList<>();
418 actionsInfos.add(new ActionNxCtClear());
419 instructions.add(new InstructionApplyActions(actionsInfos));
420 instructions.add(new InstructionGotoTable(NwConstants.EGRESS_ACL_ANTI_SPOOFING_TABLE));
421 String flowName = "Egress_Fixed_Ct_Clear_Table_Ipv4_" + this.dpId.toString();
422 addFlowToTx(NwConstants.EGRESS_ACL_DUMMY_TABLE, flowName, AclConstants.ACL_DEFAULT_PRIORITY, matches,
424 matches = new ArrayList<>();
425 matches.add(MatchEthernetType.IPV6);
426 flowName = "Egress_Fixed_Ct_Clear_Table_Ipv6_" + this.dpId.toString();
427 addFlowToTx(NwConstants.EGRESS_ACL_DUMMY_TABLE, flowName, AclConstants.ACL_DEFAULT_PRIORITY, matches,
431 private void addFlowToTx(short tableId, String flowId, int priority, List<? extends MatchInfoBase> matches,
432 List<InstructionInfo> instructions) {
435 Uint64 cookie = AclConstants.COOKIE_ACL_BASE;
436 FlowEntity flowEntity = MDSALUtil.buildFlowEntity(Uint64.valueOf(this.dpId.toString()), tableId, flowId,
437 priority, flowId, idleTimeOut,
438 hardTimeOut, cookie, matches, instructions);
439 LOG.trace("Installing Acl default Flow:: DpnId: {}, flowId: {}, flowName: {}, tableId: {}",
440 dpId.toString(), flowId, flowId, tableId);
441 mdsalManager.addFlow(tx, flowEntity);
445 * Gets the table miss flow id.
447 * @param tableId the table id
448 * @return the table miss flow id
450 private String getTableMissFlowId(short tableId) {
451 return String.valueOf(tableId);