2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 * Authors : Madhu Venugopal
10 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
12 import java.math.BigInteger;
13 import java.util.List;
15 import org.opendaylight.controller.networkconfig.neutron.NeutronSecurityGroup;
16 import org.opendaylight.controller.networkconfig.neutron.NeutronSecurityRule;
17 import org.opendaylight.controller.sal.core.Node;
18 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
19 import org.opendaylight.ovsdb.openstack.netvirt.api.EgressAclProvider;
20 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.AbstractServiceInstance;
21 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
22 import org.opendaylight.ovsdb.utils.mdsal.openflow.InstructionUtils;
23 import org.opendaylight.ovsdb.utils.mdsal.openflow.MatchUtils;
24 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
25 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.PortNumber;
26 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowKey;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.InstructionsBuilder;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.InstructionBuilder;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.InstructionKey;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
39 import com.google.common.collect.Lists;
41 public class EgressAclService extends AbstractServiceInstance implements EgressAclProvider {
43 static final Logger logger = LoggerFactory.getLogger(EgressAclService.class);
45 public EgressAclService() {
46 super(Service.EGRESS_ACL);
49 public EgressAclService(Service service) {
54 public void programPortSecurityACL(Node node, Long dpid, String segmentationId, String attachedMac, long localPort,
55 NeutronSecurityGroup securityGroup) {
57 logger.trace("programLocalBridgeRulesWithSec neutronSecurityGroup: {} ", securityGroup);
58 List<NeutronSecurityRule> portSecurityList = securityGroup.getSecurityRules();
59 /* Iterate over the Port Security Rules in the Port Security Group bound to the port*/
60 for (NeutronSecurityRule portSecurityRule : portSecurityList) {
62 * Neutron Port Security ACL "egress" and "IPv4"
64 * Check that the base conditions for flow based Port Security are true:
65 * Port Security Rule Direction ("egress") and Protocol ("IPv4")
66 * Neutron defines the direction "ingress" as the vSwitch to the VM as defined in:
67 * http://docs.openstack.org/api/openstack-network/2.0/content/security_groups.html
70 if (portSecurityRule.getSecurityRuleEthertype().equalsIgnoreCase("IPv4") &&
71 portSecurityRule.getSecurityRuleDirection().equalsIgnoreCase("egress")) {
72 logger.debug("Egress IPV4 ACL Port Security Rule: {} ", portSecurityRule);
73 // ToDo: Implement Port Range
76 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
78 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
79 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
80 !String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
81 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
82 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
83 .equalsIgnoreCase("0.0.0.0/0"))) {
85 "Rule #1 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
86 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
87 portSecurityRule.getSecurityRulePortMax(),
88 portSecurityRule.getSecurityRuleRemoteIpPrefix());
89 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
90 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY_DROP,
92 egressACLTcpPortWithPrefix(dpid, segmentationId,
93 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
94 portSecurityRule.getSecurityRuleRemoteIpPrefix(),
95 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
99 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
101 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
102 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
103 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
104 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
105 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
106 .equalsIgnoreCase("0.0.0.0/0"))) {
108 "Rule #2 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
109 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
110 portSecurityRule.getSecurityRulePortMax(),
111 portSecurityRule.getSecurityRuleRemoteIpPrefix());
112 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
113 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY_DROP,
115 egressACLTcpPortWithPrefix(dpid, segmentationId,
116 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
117 portSecurityRule.getSecurityRuleRemoteIpPrefix(),
118 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
122 * TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
124 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
125 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
126 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
127 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
129 "Rule #3 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
130 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
131 portSecurityRule.getSecurityRulePortMax(),
132 portSecurityRule.getSecurityRuleRemoteIpPrefix());
133 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PROTO_PREFIX_MATCH_PRIORITY_DROP,
135 egressACLPermitAllProto(dpid, segmentationId, attachedMac, true,
136 portSecurityRule.getSecurityRuleRemoteIpPrefix(), Constants.PROTO_PREFIX_MATCH_PRIORITY);
140 * TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
142 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("null") &&
143 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
144 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
145 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
146 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
147 .equalsIgnoreCase("0.0.0.0/0"))) {
149 "Rule #4 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
150 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
151 portSecurityRule.getSecurityRulePortMax(),
152 portSecurityRule.getSecurityRuleRemoteIpPrefix());
153 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PREFIX_MATCH_PRIORITY_DROP, true);
154 egressACLPermitAllProto(dpid, segmentationId, attachedMac, true,
155 portSecurityRule.getSecurityRuleRemoteIpPrefix(), Constants.PREFIX_MATCH_PRIORITY);
159 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
161 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
162 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
163 !String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
164 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
166 "Rule #5 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
167 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
168 portSecurityRule.getSecurityRulePortMax(),
169 portSecurityRule.getSecurityRuleRemoteIpPrefix());
170 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PROTO_PORT_MATCH_PRIORITY_DROP,
172 egressACLTcpSyn(dpid, segmentationId,
173 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
174 Constants.PROTO_PORT_MATCH_PRIORITY);
178 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
180 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
181 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
182 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
183 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
185 "Rule #6 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
186 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
187 portSecurityRule.getSecurityRulePortMax(),
188 portSecurityRule.getSecurityRuleRemoteIpPrefix());
189 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
190 Constants.PROTO_PORT_MATCH_PRIORITY_DROP, true);
191 egressACLTcpSyn(dpid, segmentationId, attachedMac, true,
192 portSecurityRule.getSecurityRulePortMin(), Constants.PROTO_PORT_MATCH_PRIORITY);
196 * TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
198 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
199 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
200 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
201 ((String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) ||
202 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
203 .equalsIgnoreCase("0.0.0.0/0"))) {
205 "Rule #7 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
206 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
207 portSecurityRule.getSecurityRulePortMax(),
208 portSecurityRule.getSecurityRuleRemoteIpPrefix());
209 // No need to drop until UDP/ICMP are implemented
210 // egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, PROTO_MATCH_PRIORITY_DROP, true);
211 egressAllowProto(dpid, segmentationId, attachedMac, true,
212 portSecurityRule.getSecurityRuleProtocol(), Constants.PROTO_MATCH_PRIORITY);
215 logger.debug("ACL Match combination not found for rule: {}", portSecurityRule);
220 public void egressACLDefaultTcpDrop(Long dpidLong, String segmentationId, String attachedMac,
221 int priority, boolean write) {
223 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
224 MatchBuilder matchBuilder = new MatchBuilder();
225 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
226 FlowBuilder flowBuilder = new FlowBuilder();
228 flowBuilder.setMatch(MatchUtils.createSmacTcpPortWithFlagMatch(matchBuilder,
229 attachedMac, Constants.TCP_SYN, segmentationId).build());
230 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
232 String flowId = "TCP_Syn_Egress_Default_Drop_" + attachedMac;
233 flowBuilder.setId(new FlowId(flowId));
234 FlowKey key = new FlowKey(new FlowId(flowId));
235 flowBuilder.setStrict(false);
236 flowBuilder.setPriority(priority);
237 flowBuilder.setBarrier(true);
238 flowBuilder.setTableId(this.getTable());
239 flowBuilder.setKey(key);
240 flowBuilder.setFlowName(flowId);
241 flowBuilder.setHardTimeout(0);
242 flowBuilder.setIdleTimeout(0);
245 // Instantiate the Builders for the OF Actions and Instructions
246 InstructionBuilder ib = new InstructionBuilder();
247 InstructionsBuilder isb = new InstructionsBuilder();
248 List<Instruction> instructions = Lists.newArrayList();
250 InstructionUtils.createDropInstructions(ib);
252 ib.setKey(new InstructionKey(0));
253 instructions.add(ib.build());
254 // Add InstructionBuilder to the Instruction(s)Builder List
255 isb.setInstruction(instructions);
257 logger.debug("Instructions contain: {}", ib.getInstruction());
258 // Add InstructionsBuilder to FlowBuilder
259 flowBuilder.setInstructions(isb.build());
260 writeFlow(flowBuilder, nodeBuilder);
262 removeFlow(flowBuilder, nodeBuilder);
266 public void egressACLTcpPortWithPrefix(Long dpidLong, String segmentationId, String attachedMac, boolean write,
267 Integer securityRulePortMin, String securityRuleIpPrefix, Integer protoPortPrefixMatchPriority) {
269 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
270 PortNumber tcpPort = new PortNumber(securityRulePortMin);
271 MatchBuilder matchBuilder = new MatchBuilder();
272 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
273 FlowBuilder flowBuilder = new FlowBuilder();
274 Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
276 flowBuilder.setMatch(MatchUtils
277 .createSmacTcpSynDstIpPrefixTcpPort(matchBuilder, new MacAddress(attachedMac),
278 tcpPort, Constants.TCP_SYN, segmentationId, srcIpPrefix).build());
280 logger.debug(" MatchBuilder contains: {}", flowBuilder.getMatch());
281 String flowId = "UcastEgress_" + segmentationId + "_" + attachedMac +
282 securityRulePortMin + securityRuleIpPrefix;
283 // Add Flow Attributes
284 flowBuilder.setId(new FlowId(flowId));
285 FlowKey key = new FlowKey(new FlowId(flowId));
286 flowBuilder.setStrict(false);
287 flowBuilder.setPriority(protoPortPrefixMatchPriority);
288 flowBuilder.setBarrier(true);
289 flowBuilder.setTableId(this.getTable());
290 flowBuilder.setKey(key);
291 flowBuilder.setFlowName(flowId);
292 flowBuilder.setHardTimeout(0);
293 flowBuilder.setIdleTimeout(0);
296 // Instantiate the Builders for the OF Actions and Instructions
297 InstructionBuilder ib = new InstructionBuilder();
298 InstructionsBuilder isb = new InstructionsBuilder();
299 List<Instruction> instructionsList = Lists.newArrayList();
301 ib = this.getMutablePipelineInstructionBuilder();
303 ib.setKey(new InstructionKey(0));
304 instructionsList.add(ib.build());
305 isb.setInstruction(instructionsList);
307 logger.debug("Instructions contain: {}", ib.getInstruction());
308 // Add InstructionsBuilder to FlowBuilder
309 flowBuilder.setInstructions(isb.build());
310 writeFlow(flowBuilder, nodeBuilder);
312 removeFlow(flowBuilder, nodeBuilder);
318 public void egressAllowProto(Long dpidLong, String segmentationId, String attachedMac, boolean write,
319 String securityRuleProtcol, Integer protoMatchPriority) {
321 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
322 MatchBuilder matchBuilder = new MatchBuilder();
323 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
324 FlowBuilder flowBuilder = new FlowBuilder();
326 flowBuilder.setMatch(MatchUtils
327 .createDmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null).build());
328 flowBuilder.setMatch(MatchUtils
329 .createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId)).build());
331 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
332 String flowId = "EgressAllProto_" + segmentationId + "_" +
333 attachedMac + "_AllowEgressTCPSyn_" + securityRuleProtcol;
334 // Add Flow Attributes
335 flowBuilder.setId(new FlowId(flowId));
336 FlowKey key = new FlowKey(new FlowId(flowId));
337 flowBuilder.setStrict(false);
338 flowBuilder.setPriority(protoMatchPriority);
339 flowBuilder.setBarrier(true);
340 flowBuilder.setTableId(this.getTable());
341 flowBuilder.setKey(key);
342 flowBuilder.setFlowName(flowId);
343 flowBuilder.setHardTimeout(0);
344 flowBuilder.setIdleTimeout(0);
347 // Instantiate the Builders for the OF Actions and Instructions
348 InstructionBuilder ib = new InstructionBuilder();
349 InstructionsBuilder isb = new InstructionsBuilder();
350 List<Instruction> instructionsList = Lists.newArrayList();
352 ib = this.getMutablePipelineInstructionBuilder();
354 ib.setKey(new InstructionKey(0));
355 instructionsList.add(ib.build());
356 isb.setInstruction(instructionsList);
358 logger.debug("Instructions contain: {}", ib.getInstruction());
359 // Add InstructionsBuilder to FlowBuilder
360 flowBuilder.setInstructions(isb.build());
361 writeFlow(flowBuilder, nodeBuilder);
363 removeFlow(flowBuilder, nodeBuilder);
367 public void egressACLPermitAllProto(Long dpidLong, String segmentationId, String attachedMac,
368 boolean write, String securityRuleIpPrefix, Integer protoPortMatchPriority) {
370 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
371 Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
372 MatchBuilder matchBuilder = new MatchBuilder();
373 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
374 FlowBuilder flowBuilder = new FlowBuilder();
376 flowBuilder.setMatch(MatchUtils.createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId))
378 if (securityRuleIpPrefix != null) {
379 flowBuilder.setMatch(MatchUtils
380 .createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, srcIpPrefix)
383 flowBuilder.setMatch(MatchUtils
384 .createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null)
387 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
388 String flowId = "Egress_Proto_ACL" + segmentationId + "_" +
389 attachedMac + "_Permit_" + securityRuleIpPrefix;
390 // Add Flow Attributes
391 flowBuilder.setId(new FlowId(flowId));
392 FlowKey key = new FlowKey(new FlowId(flowId));
393 flowBuilder.setStrict(false);
394 flowBuilder.setPriority(protoPortMatchPriority);
395 flowBuilder.setBarrier(true);
396 flowBuilder.setTableId(this.getTable());
397 flowBuilder.setKey(key);
398 flowBuilder.setFlowName(flowId);
399 flowBuilder.setHardTimeout(0);
400 flowBuilder.setIdleTimeout(0);
403 // Instantiate the Builders for the OF Actions and Instructions
404 InstructionBuilder ib = new InstructionBuilder();
405 InstructionsBuilder isb = new InstructionsBuilder();
406 List<Instruction> instructionsList = Lists.newArrayList();
408 ib = this.getMutablePipelineInstructionBuilder();
410 ib.setKey(new InstructionKey(0));
411 instructionsList.add(ib.build());
412 isb.setInstruction(instructionsList);
414 logger.debug("Instructions contain: {}", ib.getInstruction());
415 // Add InstructionsBuilder to FlowBuilder
416 flowBuilder.setInstructions(isb.build());
417 writeFlow(flowBuilder, nodeBuilder);
419 removeFlow(flowBuilder, nodeBuilder);
424 public void egressACLTcpSyn(Long dpidLong, String segmentationId, String attachedMac, boolean write,
425 Integer securityRulePortMin, Integer protoPortMatchPriority) {
427 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
428 PortNumber tcpPort = new PortNumber(securityRulePortMin);
429 MatchBuilder matchBuilder = new MatchBuilder();
430 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
431 FlowBuilder flowBuilder = new FlowBuilder();
433 flowBuilder.setMatch(MatchUtils.createSmacTcpSyn(matchBuilder, attachedMac, tcpPort,
434 Constants.TCP_SYN, segmentationId).build());
436 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
437 String flowId = "Ucast_this.getTable()" + segmentationId + "_" + attachedMac + securityRulePortMin;
438 // Add Flow Attributes
439 flowBuilder.setId(new FlowId(flowId));
440 FlowKey key = new FlowKey(new FlowId(flowId));
441 flowBuilder.setStrict(false);
442 flowBuilder.setPriority(protoPortMatchPriority);
443 flowBuilder.setBarrier(true);
444 flowBuilder.setTableId(this.getTable());
445 flowBuilder.setKey(key);
446 flowBuilder.setFlowName(flowId);
447 flowBuilder.setHardTimeout(0);
448 flowBuilder.setIdleTimeout(0);
451 // Instantiate the Builders for the OF Actions and Instructions
452 InstructionBuilder ib = new InstructionBuilder();
453 InstructionsBuilder isb = new InstructionsBuilder();
454 List<Instruction> instructionsList = Lists.newArrayList();
456 ib = this.getMutablePipelineInstructionBuilder();
458 ib.setKey(new InstructionKey(0));
459 instructionsList.add(ib.build());
460 isb.setInstruction(instructionsList);
462 logger.debug("Instructions contain: {}", ib.getInstruction());
463 // Add InstructionsBuilder to FlowBuilder
464 flowBuilder.setInstructions(isb.build());
465 writeFlow(flowBuilder, nodeBuilder);
467 removeFlow(flowBuilder, nodeBuilder);