neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java

   1 /*
   2  * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure;
  10
  11 import com.google.common.collect.ImmutableList;
  12
  13 import java.util.Collections;
  14 import java.util.HashSet;
  15 import java.util.Set;
  16
  17 import javax.annotation.Nullable;
  18
  19 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
  20 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  21 import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
  22 import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;
  23 import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;
  24 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
  25 import org.opendaylight.groupbasedpolicy.util.IidFactory;
  26 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
  27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
  28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
  29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
  30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
  31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
  32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
  33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
  34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
  35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraints;
  36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
  37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
  38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Clause;
  39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Subject;
  40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.SubjectBuilder;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchers;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ProviderMatchers;
  43 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.Rule;
  44 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelector;
  45 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelector;
  46 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ActionInstance;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstance;
  48
  49 public class NetworkService extends ServiceUtil {
  50
  51     /**
  52      * Unit tests {@link NetworkServiceTest}.
  53      */
  54     // ########### DHCP
  55     private static final long DHCP_IPV4_SERVER_PORT = 67;
  56     private static final long DHCP_IPV4_CLIENT_PORT = 68;
  57     private static final long DHCP_IPV6_SERVER_PORT = 547;
  58     private static final long DHCP_IPV6_CLIENT_PORT = 546;
  59     private static final ClassifierName DHCP_IPV4_CLIENT_SERVER_NAME =
  60             new ClassifierName("DHCP_IPv4_FROM_CLIENT_TO_SERVER");
  61     private static final ClassifierName DHCP_IPV4_SERVER_CLIENT_NAME =
  62             new ClassifierName("DHCP_IPv4_FROM_SERVER_TO_CLIENT");
  63     private static final ClassifierName DHCP_IPV6_CLIENT_SERVER_NAME =
  64             new ClassifierName("DHCP_IPv6_FROM_CLIENT_TO_SERVER");
  65     private static final ClassifierName DHCP_IPV6_SERVER_CLIENT_NAME =
  66             new ClassifierName("DHCP_IPv6_FROM_SERVER_TO_CLIENT");
  67     private static final SubjectName DHCP_SUBJECT_NAME = new SubjectName("ALLOW_DHCP");
  68     private static final Description DHCP_CONTRACT_DESC =
  69             new Description("Allow DHCP communication between client and server.");
  70
  71     /**
  72      * Id of {@link #DHCP_CONTRACT}.
  73      */
  74     public static final ContractId DHCP_CONTRACT_ID = new ContractId("11118d2e-dddd-11e5-885d-feff819cdc9f");
  75     /**
  76      * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DHCP communication
  77      * between Client and Server.
  78      */
  79     public static final Contract DHCP_CONTRACT;
  80     /**
  81      * {@link ConsumerNamedSelector} pointing to {@link #DHCP_CONTRACT}.
  82      */
  83     public static final ConsumerNamedSelector DHCP_CONTRACT_CONSUMER_SELECTOR;
  84
  85     // ########### DNS
  86     private static final long DNS_SERVER_PORT = 53;
  87     private static final ClassifierName DNS_UDP_IPV4_CLIENT_SERVER_NAME =
  88             new ClassifierName("DNS_UDP_IPv4_FROM_CLIENT_TO_SERVER");
  89     private static final ClassifierName DNS_UDP_IPV4_SERVER_CLIENT_NAME =
  90             new ClassifierName("DNS_UDP_IPv4_FROM_SERVER_TO_CLIENT");
  91     private static final ClassifierName DNS_UDP_IPV6_CLIENT_SERVER_NAME =
  92             new ClassifierName("DNS_UDP_IPv6_FROM_CLIENT_TO_SERVER");
  93     private static final ClassifierName DNS_UDP_IPV6_SERVER_CLIENT_NAME =
  94             new ClassifierName("DNS_UDP_IPv6_FROM_SERVER_TO_CLIENT");
  95     private static final ClassifierName DNS_TCP_IPV4_CLIENT_SERVER_NAME =
  96             new ClassifierName("DNS_TCP_IPv4_FROM_CLIENT_TO_SERVER");
  97     private static final ClassifierName DNS_TCP_IPV4_SERVER_CLIENT_NAME =
  98             new ClassifierName("DNS_TCP_IPv4_FROM_SERVER_TO_CLIENT");
  99     private static final ClassifierName DNS_TCP_IPV6_CLIENT_SERVER_NAME =
 100             new ClassifierName("DNS_TCP_IPv6_FROM_CLIENT_TO_SERVER");
 101     private static final ClassifierName DNS_TCP_IPV6_SERVER_CLIENT_NAME =
 102             new ClassifierName("DNS_TCP_IPv6_FROM_SERVER_TO_CLIENT");
 103     private static final SubjectName DNS_SUBJECT_NAME = new SubjectName("ALLOW_DNS");
 104     private static final Description DNS_CONTRACT_DESC =
 105             new Description("Allow DNS communication between client and server.");
 106     /**
 107      * ID of {@link #DNS_CONTRACT}.
 108      */
 109     public static final ContractId DNS_CONTRACT_ID = new ContractId("22218d2e-dddd-11e5-885d-feff819cdc9f");
 110     /**
 111      * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DNS communication
 112      * between Client and Server.
 113      */
 114     public static final Contract DNS_CONTRACT;
 115     /**
 116      * {@link ConsumerNamedSelector} pointing to {@link #DNS_CONTRACT}.
 117      */
 118     public static final ConsumerNamedSelector DNS_CONTRACT_CONSUMER_SELECTOR;
 119
 120     // ########### SSH and ICMP management
 121     private static final long SSH_TCP_PORT = 22;
 122     private static final ClassifierName SSH_IPV4_SERVER_TO_CLIENT_NAME =
 123             new ClassifierName("SSH_IPV4_FROM_SERVER_TO_CLIENT");
 124     private static final ClassifierName SSH_IPV6_SERVER_TO_CLIENT_NAME =
 125             new ClassifierName("SSH_IPV6_FROM_SERVER_TO_CLIENT");
 126     private static final ClassifierName SSH_IPV4_CLIENT_TO_SERVER_NAME =
 127             new ClassifierName("SSH_IPV4_FROM_CLIENT_TO_SERVER");
 128     private static final ClassifierName SSH_IPV6_CLIENT_TO_SERVER_NAME =
 129             new ClassifierName("SSH_IPV6_FROM_CLIENT_TO_SERVER");
 130     private static final ClassifierName ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME =
 131             new ClassifierName("ICMP_IPV4_BETWEEN_SERVER_CLIENT");
 132     private static final ClassifierName ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME =
 133             new ClassifierName("ICMP_IPV6_BETWEEN_SERVER_CLIENT");
 134     private static final SubjectName MGMT_SUBJECT_NAME = new SubjectName("ALLOW_MGMT");
 135     private static final Description MGMT_CONTRACT_DESC =
 136             new Description("Allow ICMP and SSH management communication between server and client.");
 137
 138     /**
 139      * Id of {@link #MGMT_CONTRACT}.
 140      */
 141     public static final ContractId MGMT_CONTRACT_ID = new ContractId("33318d2e-dddd-11e5-885d-feff819cdc9f");
 142     /**
 143      * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching ICMP and SSH communication
 144      * between Client and Server.
 145      */
 146     public static final Contract MGMT_CONTRACT;
 147     /**
 148      * {@link ConsumerNamedSelector} pointing to {@link #MGMT_CONTRACT}.
 149      */
 150     public static final ConsumerNamedSelector MGMT_CONTRACT_CONSUMER_SELECTOR;
 151
 152     // ########### NETWORK-SERVICE ENDPOINT-GROUP
 153     private static final Name NETWORK_SERVICE_EPG_NAME = new Name("NETWORK_SERVICE");
 154     private static final Description NETWORK_SERVICE_EPG_DESC = new Description("Represents DHCP and DNS servers.");
 155     /**
 156      * ID of {@link #EPG}.
 157      */
 158     public static final EndpointGroupId EPG_ID = new EndpointGroupId("ddd6cfe6-dfe5-11e4-8a00-1681e6b88ec1");
 159     /**
 160      * Network-service endpoint-group providing {@link #DHCP_CONTRACT} and {@link #DNS_CONTRACT}.
 161      */
 162     public static final EndpointGroup EPG;
 163
 164     static {
 165         DHCP_CONTRACT = createContractDhcp();
 166         DHCP_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DHCP_CONTRACT);
 167         DNS_CONTRACT = createContractDns();
 168         DNS_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DNS_CONTRACT);
 169         MGMT_CONTRACT = createContractMgmt();
 170         MGMT_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(MGMT_CONTRACT);
 171         EPG = createNetworkServiceEpg();
 172     }
 173
 174     private static EndpointGroup createNetworkServiceEpg() {
 175         ProviderNamedSelector dhcpProviderSelector = createProviderSelector(DHCP_CONTRACT);
 176         ProviderNamedSelector dnsProviderSelector = createProviderSelector(DNS_CONTRACT);
 177         ProviderNamedSelector mgmtProviderSelector = createProviderSelector(MGMT_CONTRACT);
 178         return createEpgBuilder(EPG_ID, NETWORK_SERVICE_EPG_NAME, NETWORK_SERVICE_EPG_DESC)
 179             .setProviderNamedSelector(ImmutableList.of(dhcpProviderSelector, dnsProviderSelector, mgmtProviderSelector))
 180             .build();
 181     }
 182
 183     private static Contract createContractDhcp() {
 184         Rule clientServerIpv4Rule = createRuleAllow(DHCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
 185         Rule serverClientIpv4Rule = createRuleAllow(DHCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
 186         Rule clientServerIpv6Rule = createRuleAllow(DHCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
 187         Rule serverClientIpv6Rule = createRuleAllow(DHCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
 188         Subject subject = new SubjectBuilder().setName(DHCP_SUBJECT_NAME)
 189             .setOrder(0)
 190             .setRule(ImmutableList.of(clientServerIpv4Rule, serverClientIpv4Rule, clientServerIpv6Rule,
 191                     serverClientIpv6Rule))
 192             .build();
 193         return createContract(DHCP_CONTRACT_ID, ImmutableList.of(subject), DHCP_CONTRACT_DESC);
 194     }
 195
 196     private static Contract createContractDns() {
 197         Rule clientServerUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_CLIENT_SERVER_NAME, Direction.In);
 198         Rule serverClientUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
 199         Rule clientServerUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_CLIENT_SERVER_NAME, Direction.In);
 200         Rule serverClientUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
 201         Rule clientServerTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
 202         Rule serverClientTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
 203         Rule clientServerTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
 204         Rule serverClientTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
 205         Subject subject = new SubjectBuilder().setName(DNS_SUBJECT_NAME)
 206             .setOrder(0)
 207             .setRule(ImmutableList.of(clientServerUdpIpv4Rule, serverClientUdpIpv4Rule, clientServerUdpIpv6Rule,
 208                     serverClientUdpIpv6Rule, clientServerTcpIpv4Rule, serverClientTcpIpv4Rule, clientServerTcpIpv6Rule,
 209                     serverClientTcpIpv6Rule))
 210             .build();
 211         return createContract(DNS_CONTRACT_ID, ImmutableList.of(subject), DNS_CONTRACT_DESC);
 212     }
 213
 214     private static Contract createContractMgmt() {
 215         Rule serverClientSshIpv4Rule = createRuleAllow(SSH_IPV4_SERVER_TO_CLIENT_NAME, Direction.Out);
 216         Rule serverClientSshIpv6Rule = createRuleAllow(SSH_IPV6_SERVER_TO_CLIENT_NAME, Direction.Out);
 217         Rule clientServerSshIpv4Rule = createRuleAllow(SSH_IPV4_CLIENT_TO_SERVER_NAME, Direction.In);
 218         Rule clientServerSshIpv6Rule = createRuleAllow(SSH_IPV6_CLIENT_TO_SERVER_NAME, Direction.In);
 219         Rule serverClientIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
 220         Rule serverClientIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
 221         Rule clientServerIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
 222         Rule clientServerIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
 223
 224         Subject subject = new SubjectBuilder().setName(MGMT_SUBJECT_NAME)
 225             .setOrder(0)
 226             .setRule(ImmutableList.of(serverClientSshIpv4Rule, serverClientSshIpv6Rule, clientServerSshIpv4Rule,
 227                     clientServerSshIpv6Rule, clientServerIcmpIpv4Rule, clientServerIcmpIpv6Rule,
 228                     serverClientIcmpIpv4Rule, serverClientIcmpIpv6Rule))
 229             .build();
 230         return createContract(MGMT_CONTRACT_ID, ImmutableList.of(subject), MGMT_CONTRACT_DESC);
 231     }
 232
 233     /**
 234      * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
 235      * and {@link ProviderMatchers}. This clause points to subject in {@link #DHCP_CONTRACT}.
 236      *
 237      * @param tenantId location of {@link #DHCP_CONTRACT}
 238      * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
 239      * @param writeTx transaction where entities are written
 240      */
 241     public static void writeDhcpClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
 242             WriteTransaction writeTx) {
 243         Clause clause = createClauseWithConsProvEic(ipPrefix, DHCP_SUBJECT_NAME);
 244         writeTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DHCP_CONTRACT_ID,
 245             clause.getName()), clause, true);
 246     }
 247
 248     /**
 249      * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
 250      * and {@link ProviderMatchers}. This clause points to subject in {@link #DNS_CONTRACT}.
 251      *
 252      * @param tenantId location of {@link #DNS_CONTRACT}
 253      * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
 254      * @param writeTx transaction where entities are written
 255      */
 256     public static void writeDnsClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
 257             WriteTransaction writeTx) {
 258         Clause clause = createClauseWithConsProvEic(ipPrefix, DNS_SUBJECT_NAME);
 259         writeTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DNS_CONTRACT_ID,
 260             clause.getName()), clause, true);
 261     }
 262
 263     /**
 264      * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
 265      * and {@link ProviderMatchers}. This clause points to subject in {@link #MGMT_CONTRACT}.
 266      *
 267      * @param tenantId location of {@link #MGMT_CONTRACT}
 268      * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
 269      * @param writeTx transaction where entities are written
 270      */
 271     public static void writeMgmtClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
 272             WriteTransaction writeTx) {
 273         Clause clause = createClauseWithConsProvEic(ipPrefix, MGMT_SUBJECT_NAME);
 274         writeTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, MGMT_CONTRACT_ID,
 275             clause.getName()), clause, true);
 276     }
 277
 278     /**
 279      * Puts network service entities (classifier-instances, {@link #DHCP_CONTRACT},
 280      * {@link #DNS_CONTRACT}, {@link #MGMT_CONTRACT} and {@link #EPG}) to
 281      * {@link LogicalDatastoreType#CONFIGURATION}.
 282      *
 283      * @param tenantId location of network-service entities
 284      * @param writeTx transaction where network-service entities are written
 285      */
 286     public static void writeNetworkServiceEntitiesToTenant(TenantId tenantId, WriteTransaction writeTx) {
 287         Set<ClassifierInstance> classifierInstances = getAllClassifierInstances();
 288         for (ClassifierInstance ci : classifierInstances) {
 289             writeTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.classifierInstanceIid(tenantId, ci.getName()),
 290                 ci, true);
 291         }
 292         for (ActionInstance ai : Collections.singleton(MappingUtils.ACTION_ALLOW)) {
 293             writeTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.actionInstanceIid(tenantId, ai.getName()), ai,
 294                 true);
 295         }
 296         writeTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DHCP_CONTRACT_ID),
 297             DHCP_CONTRACT, true);
 298         writeTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DNS_CONTRACT_ID), DNS_CONTRACT,
 299             true);
 300         writeTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, MGMT_CONTRACT_ID),
 301             MGMT_CONTRACT, true);
 302         writeTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, EPG_ID), EPG, true);
 303     }
 304
 305     /**
 306      * Used to get all Classifier instances.
 307      * @return All classifier-instances used in {@link #DHCP_CONTRACT}, {@link #DNS_CONTRACT} and
 308      * {@link #MGMT_CONTRACT}.
 309      */
 310     public static Set<ClassifierInstance> getAllClassifierInstances() {
 311         HashSet<ClassifierInstance> cis = new HashSet<>();
 312         cis.add(createDhcpIpv4ClientServer());
 313         cis.add(createDhcpIpv4ServerClient());
 314         cis.add(createDhcpIpv6ClientServer());
 315         cis.add(createDhcpIpv6ServerClient());
 316         cis.add(createDnsUdpIpv4ClientServer());
 317         cis.add(createDnsUdpIpv4ServerClient());
 318         cis.add(createDnsUdpIpv6ClientServer());
 319         cis.add(createDnsUdpIpv6ServerClient());
 320         cis.add(createDnsTcpIpv4ClientServer());
 321         cis.add(createDnsTcpIpv4ServerClient());
 322         cis.add(createDnsTcpIpv6ClientServer());
 323         cis.add(createDnsTcpIpv6ServerClient());
 324         // MGMT
 325         cis.add(createSshTcpIpv4ServerClient());
 326         cis.add(createSshTcpIpv6ServerClient());
 327         cis.add(createSshTcpIpv4ClientServer());
 328         cis.add(createSshTcpIpv6ClientServer());
 329         cis.add(createIcmpIpv4());
 330         cis.add(createIcmpIpv6());
 331         return cis;
 332     }
 333
 334     // ###################### DHCP
 335     private static ClassifierInstance createDhcpIpv4ClientServer() {
 336         return createClassifInstance(DHCP_IPV4_CLIENT_SERVER_NAME, L4ClassifierDefinition.DEFINITION.getId(),
 337                 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 338                         DHCP_IPV4_CLIENT_PORT, DHCP_IPV4_SERVER_PORT));
 339     }
 340
 341     private static ClassifierInstance createDhcpIpv4ServerClient() {
 342         return createClassifInstance(DHCP_IPV4_SERVER_CLIENT_NAME, L4ClassifierDefinition.DEFINITION.getId(),
 343                 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 344                         DHCP_IPV4_SERVER_PORT, DHCP_IPV4_CLIENT_PORT));
 345     }
 346
 347     private static ClassifierInstance createDhcpIpv6ClientServer() {
 348         return createClassifInstance(DHCP_IPV6_CLIENT_SERVER_NAME, L4ClassifierDefinition.DEFINITION.getId(),
 349                 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 350                         DHCP_IPV6_CLIENT_PORT, DHCP_IPV6_SERVER_PORT));
 351     }
 352
 353     private static ClassifierInstance createDhcpIpv6ServerClient() {
 354         return createClassifInstance(DHCP_IPV6_SERVER_CLIENT_NAME, L4ClassifierDefinition.DEFINITION.getId(),
 355                 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 356                         DHCP_IPV6_SERVER_PORT, DHCP_IPV6_CLIENT_PORT));
 357     }
 358
 359     // ###################### DNS UDP
 360     private static ClassifierInstance createDnsUdpIpv4ClientServer() {
 361         return createClassifInstance(DNS_UDP_IPV4_CLIENT_SERVER_NAME, L4ClassifierDefinition.DEFINITION.getId(),
 362                 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null,
 363                         DNS_SERVER_PORT));
 364     }
 365
 366     private static ClassifierInstance createDnsUdpIpv4ServerClient() {
 367         return createClassifInstance(DNS_UDP_IPV4_SERVER_CLIENT_NAME, L4ClassifierDefinition.DEFINITION.getId(),
 368                 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 369                         DNS_SERVER_PORT, null));
 370     }
 371
 372     private static ClassifierInstance createDnsUdpIpv6ClientServer() {
 373         return createClassifInstance(DNS_UDP_IPV6_CLIENT_SERVER_NAME, L4ClassifierDefinition.DEFINITION.getId(),
 374                 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null,
 375                         DNS_SERVER_PORT));
 376     }
 377
 378     private static ClassifierInstance createDnsUdpIpv6ServerClient() {
 379         return createClassifInstance(DNS_UDP_IPV6_SERVER_CLIENT_NAME, L4ClassifierDefinition.DEFINITION.getId(),
 380                 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
 381                         DNS_SERVER_PORT, null));
 382     }
 383
 384     // ###################### DNS TCP
 385     private static ClassifierInstance createDnsTcpIpv4ClientServer() {
 386         return createClassifInstance(DNS_TCP_IPV4_CLIENT_SERVER_NAME,
 387                 L4ClassifierDefinition.DEFINITION.getId(),
 388                 createParams(EtherTypeClassifierDefinition.IPv4_VALUE,
 389                         IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT));
 390     }
 391
 392     private static ClassifierInstance createDnsTcpIpv4ServerClient() {
 393         return createClassifInstance(DNS_TCP_IPV4_SERVER_CLIENT_NAME,
 394                 L4ClassifierDefinition.DEFINITION.getId(),
 395                 createParams(EtherTypeClassifierDefinition.IPv4_VALUE,
 396                         IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null));
 397     }
 398
 399     private static ClassifierInstance createDnsTcpIpv6ClientServer() {
 400         return createClassifInstance(DNS_TCP_IPV6_CLIENT_SERVER_NAME,
 401                 L4ClassifierDefinition.DEFINITION.getId(),
 402                 createParams(EtherTypeClassifierDefinition.IPv6_VALUE,
 403                         IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT));
 404     }
 405
 406     private static ClassifierInstance createDnsTcpIpv6ServerClient() {
 407         return createClassifInstance(DNS_TCP_IPV6_SERVER_CLIENT_NAME,
 408                 L4ClassifierDefinition.DEFINITION.getId(),
 409                 createParams(EtherTypeClassifierDefinition.IPv6_VALUE,
 410                         IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null));
 411     }
 412
 413     // ###################### SSH TCP
 414     private static ClassifierInstance createSshTcpIpv4ClientServer() {
 415         return createClassifInstance(SSH_IPV4_CLIENT_TO_SERVER_NAME,
 416                 L4ClassifierDefinition.DEFINITION.getId(),
 417                 createParams(EtherTypeClassifierDefinition.IPv4_VALUE,
 418                         IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null));
 419     }
 420
 421     private static ClassifierInstance createSshTcpIpv4ServerClient() {
 422         return createClassifInstance(SSH_IPV4_SERVER_TO_CLIENT_NAME,
 423                 L4ClassifierDefinition.DEFINITION.getId(),
 424                 createParams(EtherTypeClassifierDefinition.IPv4_VALUE,
 425                         IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT));
 426     }
 427
 428     private static ClassifierInstance createSshTcpIpv6ClientServer() {
 429         return createClassifInstance(SSH_IPV6_CLIENT_TO_SERVER_NAME,
 430                 L4ClassifierDefinition.DEFINITION.getId(),
 431                 createParams(EtherTypeClassifierDefinition.IPv6_VALUE,
 432                         IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null));
 433     }
 434
 435     private static ClassifierInstance createSshTcpIpv6ServerClient() {
 436         return createClassifInstance(SSH_IPV6_SERVER_TO_CLIENT_NAME,
 437                 L4ClassifierDefinition.DEFINITION.getId(),
 438                 createParams(EtherTypeClassifierDefinition.IPv6_VALUE,
 439                         IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT));
 440     }
 441
 442     // ###################### ICMP
 443     private static ClassifierInstance createIcmpIpv4() {
 444         return createClassifInstance(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME,
 445                 IpProtoClassifierDefinition.DEFINITION.getId(), createParams(
 446                         EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null));
 447     }
 448
 449     private static ClassifierInstance createIcmpIpv6() {
 450         return createClassifInstance((ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME),
 451                 IpProtoClassifierDefinition.DEFINITION.getId(), createParams(
 452                         EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null));
 453     }
 454 }