2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 * Authors : Madhu Venugopal
10 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
12 import java.math.BigInteger;
13 import java.util.List;
15 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
16 import org.opendaylight.neutron.spi.NeutronSecurityRule;
17 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
18 import org.opendaylight.ovsdb.openstack.netvirt.api.EgressAclProvider;
19 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.AbstractServiceInstance;
20 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
21 import org.opendaylight.ovsdb.utils.mdsal.openflow.InstructionUtils;
22 import org.opendaylight.ovsdb.utils.mdsal.openflow.MatchUtils;
23 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
24 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.PortNumber;
25 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowKey;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.InstructionsBuilder;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.InstructionBuilder;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.InstructionKey;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
35 import org.slf4j.Logger;
36 import org.slf4j.LoggerFactory;
38 import com.google.common.collect.Lists;
40 public class EgressAclService extends AbstractServiceInstance implements EgressAclProvider {
42 static final Logger logger = LoggerFactory.getLogger(EgressAclService.class);
44 public EgressAclService() {
45 super(Service.EGRESS_ACL);
48 public EgressAclService(Service service) {
53 public void programPortSecurityACL(Long dpid, String segmentationId, String attachedMac, long localPort,
54 NeutronSecurityGroup securityGroup) {
56 logger.trace("programLocalBridgeRulesWithSec neutronSecurityGroup: {} ", securityGroup);
57 List<NeutronSecurityRule> portSecurityList = securityGroup.getSecurityRules();
58 /* Iterate over the Port Security Rules in the Port Security Group bound to the port*/
59 for (NeutronSecurityRule portSecurityRule : portSecurityList) {
61 * Neutron Port Security ACL "egress" and "IPv4"
63 * Check that the base conditions for flow based Port Security are true:
64 * Port Security Rule Direction ("egress") and Protocol ("IPv4")
65 * Neutron defines the direction "ingress" as the vSwitch to the VM as defined in:
66 * http://docs.openstack.org/api/openstack-network/2.0/content/security_groups.html
69 if (portSecurityRule.getSecurityRuleEthertype().equalsIgnoreCase("IPv4") &&
70 portSecurityRule.getSecurityRuleDirection().equalsIgnoreCase("egress")) {
71 logger.debug("Egress IPV4 ACL Port Security Rule: {} ", portSecurityRule);
72 // ToDo: Implement Port Range
75 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
77 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
78 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
79 !String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
80 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
81 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
82 .equalsIgnoreCase("0.0.0.0/0"))) {
84 "Rule #1 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
85 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
86 portSecurityRule.getSecurityRulePortMax(),
87 portSecurityRule.getSecurityRuleRemoteIpPrefix());
88 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
89 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY_DROP,
91 egressACLTcpPortWithPrefix(dpid, segmentationId,
92 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
93 portSecurityRule.getSecurityRuleRemoteIpPrefix(),
94 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
98 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
100 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
101 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
102 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
103 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
104 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
105 .equalsIgnoreCase("0.0.0.0/0"))) {
107 "Rule #2 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
108 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
109 portSecurityRule.getSecurityRulePortMax(),
110 portSecurityRule.getSecurityRuleRemoteIpPrefix());
111 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
112 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY_DROP,
114 egressACLTcpPortWithPrefix(dpid, segmentationId,
115 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
116 portSecurityRule.getSecurityRuleRemoteIpPrefix(),
117 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
121 * TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
123 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
124 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
125 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
126 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
128 "Rule #3 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
129 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
130 portSecurityRule.getSecurityRulePortMax(),
131 portSecurityRule.getSecurityRuleRemoteIpPrefix());
132 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PROTO_PREFIX_MATCH_PRIORITY_DROP,
134 egressACLPermitAllProto(dpid, segmentationId, attachedMac, true,
135 portSecurityRule.getSecurityRuleRemoteIpPrefix(), Constants.PROTO_PREFIX_MATCH_PRIORITY);
139 * TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
141 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("null") &&
142 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
143 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
144 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
145 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
146 .equalsIgnoreCase("0.0.0.0/0"))) {
148 "Rule #4 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
149 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
150 portSecurityRule.getSecurityRulePortMax(),
151 portSecurityRule.getSecurityRuleRemoteIpPrefix());
152 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PREFIX_MATCH_PRIORITY_DROP, true);
153 egressACLPermitAllProto(dpid, segmentationId, attachedMac, true,
154 portSecurityRule.getSecurityRuleRemoteIpPrefix(), Constants.PREFIX_MATCH_PRIORITY);
158 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
160 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
161 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
162 !String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
163 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
165 "Rule #5 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
166 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
167 portSecurityRule.getSecurityRulePortMax(),
168 portSecurityRule.getSecurityRuleRemoteIpPrefix());
169 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PROTO_PORT_MATCH_PRIORITY_DROP,
171 egressACLTcpSyn(dpid, segmentationId,
172 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
173 Constants.PROTO_PORT_MATCH_PRIORITY);
177 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
179 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
180 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
181 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
182 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
184 "Rule #6 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
185 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
186 portSecurityRule.getSecurityRulePortMax(),
187 portSecurityRule.getSecurityRuleRemoteIpPrefix());
188 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
189 Constants.PROTO_PORT_MATCH_PRIORITY_DROP, true);
190 egressACLTcpSyn(dpid, segmentationId, attachedMac, true,
191 portSecurityRule.getSecurityRulePortMin(), Constants.PROTO_PORT_MATCH_PRIORITY);
195 * TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
197 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
198 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
199 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
200 ((String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) ||
201 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
202 .equalsIgnoreCase("0.0.0.0/0"))) {
204 "Rule #7 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
205 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
206 portSecurityRule.getSecurityRulePortMax(),
207 portSecurityRule.getSecurityRuleRemoteIpPrefix());
208 // No need to drop until UDP/ICMP are implemented
209 // egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, PROTO_MATCH_PRIORITY_DROP, true);
210 egressAllowProto(dpid, segmentationId, attachedMac, true,
211 portSecurityRule.getSecurityRuleProtocol(), Constants.PROTO_MATCH_PRIORITY);
214 logger.debug("ACL Match combination not found for rule: {}", portSecurityRule);
219 public void egressACLDefaultTcpDrop(Long dpidLong, String segmentationId, String attachedMac,
220 int priority, boolean write) {
222 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
223 MatchBuilder matchBuilder = new MatchBuilder();
224 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
225 FlowBuilder flowBuilder = new FlowBuilder();
227 flowBuilder.setMatch(MatchUtils.createSmacTcpPortWithFlagMatch(matchBuilder,
228 attachedMac, Constants.TCP_SYN, segmentationId).build());
229 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
231 String flowId = "TCP_Syn_Egress_Default_Drop_" + attachedMac;
232 flowBuilder.setId(new FlowId(flowId));
233 FlowKey key = new FlowKey(new FlowId(flowId));
234 flowBuilder.setStrict(false);
235 flowBuilder.setPriority(priority);
236 flowBuilder.setBarrier(true);
237 flowBuilder.setTableId(this.getTable());
238 flowBuilder.setKey(key);
239 flowBuilder.setFlowName(flowId);
240 flowBuilder.setHardTimeout(0);
241 flowBuilder.setIdleTimeout(0);
244 // Instantiate the Builders for the OF Actions and Instructions
245 InstructionBuilder ib = new InstructionBuilder();
246 InstructionsBuilder isb = new InstructionsBuilder();
247 List<Instruction> instructions = Lists.newArrayList();
249 InstructionUtils.createDropInstructions(ib);
251 ib.setKey(new InstructionKey(0));
252 instructions.add(ib.build());
253 // Add InstructionBuilder to the Instruction(s)Builder List
254 isb.setInstruction(instructions);
256 logger.debug("Instructions contain: {}", ib.getInstruction());
257 // Add InstructionsBuilder to FlowBuilder
258 flowBuilder.setInstructions(isb.build());
259 writeFlow(flowBuilder, nodeBuilder);
261 removeFlow(flowBuilder, nodeBuilder);
265 public void egressACLTcpPortWithPrefix(Long dpidLong, String segmentationId, String attachedMac, boolean write,
266 Integer securityRulePortMin, String securityRuleIpPrefix, Integer protoPortPrefixMatchPriority) {
268 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
269 PortNumber tcpPort = new PortNumber(securityRulePortMin);
270 MatchBuilder matchBuilder = new MatchBuilder();
271 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
272 FlowBuilder flowBuilder = new FlowBuilder();
273 Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
275 flowBuilder.setMatch(MatchUtils
276 .createSmacTcpSynDstIpPrefixTcpPort(matchBuilder, new MacAddress(attachedMac),
277 tcpPort, Constants.TCP_SYN, segmentationId, srcIpPrefix).build());
279 logger.debug(" MatchBuilder contains: {}", flowBuilder.getMatch());
280 String flowId = "UcastEgress_" + segmentationId + "_" + attachedMac +
281 securityRulePortMin + securityRuleIpPrefix;
282 // Add Flow Attributes
283 flowBuilder.setId(new FlowId(flowId));
284 FlowKey key = new FlowKey(new FlowId(flowId));
285 flowBuilder.setStrict(false);
286 flowBuilder.setPriority(protoPortPrefixMatchPriority);
287 flowBuilder.setBarrier(true);
288 flowBuilder.setTableId(this.getTable());
289 flowBuilder.setKey(key);
290 flowBuilder.setFlowName(flowId);
291 flowBuilder.setHardTimeout(0);
292 flowBuilder.setIdleTimeout(0);
295 // Instantiate the Builders for the OF Actions and Instructions
296 InstructionBuilder ib = new InstructionBuilder();
297 InstructionsBuilder isb = new InstructionsBuilder();
298 List<Instruction> instructionsList = Lists.newArrayList();
300 ib = this.getMutablePipelineInstructionBuilder();
302 ib.setKey(new InstructionKey(0));
303 instructionsList.add(ib.build());
304 isb.setInstruction(instructionsList);
306 logger.debug("Instructions contain: {}", ib.getInstruction());
307 // Add InstructionsBuilder to FlowBuilder
308 flowBuilder.setInstructions(isb.build());
309 writeFlow(flowBuilder, nodeBuilder);
311 removeFlow(flowBuilder, nodeBuilder);
317 public void egressAllowProto(Long dpidLong, String segmentationId, String attachedMac, boolean write,
318 String securityRuleProtcol, Integer protoMatchPriority) {
320 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
321 MatchBuilder matchBuilder = new MatchBuilder();
322 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
323 FlowBuilder flowBuilder = new FlowBuilder();
325 flowBuilder.setMatch(MatchUtils
326 .createDmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null).build());
327 flowBuilder.setMatch(MatchUtils
328 .createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId)).build());
330 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
331 String flowId = "EgressAllProto_" + segmentationId + "_" +
332 attachedMac + "_AllowEgressTCPSyn_" + securityRuleProtcol;
333 // Add Flow Attributes
334 flowBuilder.setId(new FlowId(flowId));
335 FlowKey key = new FlowKey(new FlowId(flowId));
336 flowBuilder.setStrict(false);
337 flowBuilder.setPriority(protoMatchPriority);
338 flowBuilder.setBarrier(true);
339 flowBuilder.setTableId(this.getTable());
340 flowBuilder.setKey(key);
341 flowBuilder.setFlowName(flowId);
342 flowBuilder.setHardTimeout(0);
343 flowBuilder.setIdleTimeout(0);
346 // Instantiate the Builders for the OF Actions and Instructions
347 InstructionBuilder ib = new InstructionBuilder();
348 InstructionsBuilder isb = new InstructionsBuilder();
349 List<Instruction> instructionsList = Lists.newArrayList();
351 ib = this.getMutablePipelineInstructionBuilder();
353 ib.setKey(new InstructionKey(0));
354 instructionsList.add(ib.build());
355 isb.setInstruction(instructionsList);
357 logger.debug("Instructions contain: {}", ib.getInstruction());
358 // Add InstructionsBuilder to FlowBuilder
359 flowBuilder.setInstructions(isb.build());
360 writeFlow(flowBuilder, nodeBuilder);
362 removeFlow(flowBuilder, nodeBuilder);
366 public void egressACLPermitAllProto(Long dpidLong, String segmentationId, String attachedMac,
367 boolean write, String securityRuleIpPrefix, Integer protoPortMatchPriority) {
369 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
370 Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
371 MatchBuilder matchBuilder = new MatchBuilder();
372 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
373 FlowBuilder flowBuilder = new FlowBuilder();
375 flowBuilder.setMatch(MatchUtils.createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId))
377 if (securityRuleIpPrefix != null) {
378 flowBuilder.setMatch(MatchUtils
379 .createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, srcIpPrefix)
382 flowBuilder.setMatch(MatchUtils
383 .createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null)
386 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
387 String flowId = "Egress_Proto_ACL" + segmentationId + "_" +
388 attachedMac + "_Permit_" + securityRuleIpPrefix;
389 // Add Flow Attributes
390 flowBuilder.setId(new FlowId(flowId));
391 FlowKey key = new FlowKey(new FlowId(flowId));
392 flowBuilder.setStrict(false);
393 flowBuilder.setPriority(protoPortMatchPriority);
394 flowBuilder.setBarrier(true);
395 flowBuilder.setTableId(this.getTable());
396 flowBuilder.setKey(key);
397 flowBuilder.setFlowName(flowId);
398 flowBuilder.setHardTimeout(0);
399 flowBuilder.setIdleTimeout(0);
402 // Instantiate the Builders for the OF Actions and Instructions
403 InstructionBuilder ib = new InstructionBuilder();
404 InstructionsBuilder isb = new InstructionsBuilder();
405 List<Instruction> instructionsList = Lists.newArrayList();
407 ib = this.getMutablePipelineInstructionBuilder();
409 ib.setKey(new InstructionKey(0));
410 instructionsList.add(ib.build());
411 isb.setInstruction(instructionsList);
413 logger.debug("Instructions contain: {}", ib.getInstruction());
414 // Add InstructionsBuilder to FlowBuilder
415 flowBuilder.setInstructions(isb.build());
416 writeFlow(flowBuilder, nodeBuilder);
418 removeFlow(flowBuilder, nodeBuilder);
423 public void egressACLTcpSyn(Long dpidLong, String segmentationId, String attachedMac, boolean write,
424 Integer securityRulePortMin, Integer protoPortMatchPriority) {
426 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
427 PortNumber tcpPort = new PortNumber(securityRulePortMin);
428 MatchBuilder matchBuilder = new MatchBuilder();
429 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
430 FlowBuilder flowBuilder = new FlowBuilder();
432 flowBuilder.setMatch(MatchUtils.createSmacTcpSyn(matchBuilder, attachedMac, tcpPort,
433 Constants.TCP_SYN, segmentationId).build());
435 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
436 String flowId = "Ucast_this.getTable()" + segmentationId + "_" + attachedMac + securityRulePortMin;
437 // Add Flow Attributes
438 flowBuilder.setId(new FlowId(flowId));
439 FlowKey key = new FlowKey(new FlowId(flowId));
440 flowBuilder.setStrict(false);
441 flowBuilder.setPriority(protoPortMatchPriority);
442 flowBuilder.setBarrier(true);
443 flowBuilder.setTableId(this.getTable());
444 flowBuilder.setKey(key);
445 flowBuilder.setFlowName(flowId);
446 flowBuilder.setHardTimeout(0);
447 flowBuilder.setIdleTimeout(0);
450 // Instantiate the Builders for the OF Actions and Instructions
451 InstructionBuilder ib = new InstructionBuilder();
452 InstructionsBuilder isb = new InstructionsBuilder();
453 List<Instruction> instructionsList = Lists.newArrayList();
455 ib = this.getMutablePipelineInstructionBuilder();
457 ib.setKey(new InstructionKey(0));
458 instructionsList.add(ib.build());
459 isb.setInstruction(instructionsList);
461 logger.debug("Instructions contain: {}", ib.getInstruction());
462 // Add InstructionsBuilder to FlowBuilder
463 flowBuilder.setInstructions(isb.build());
464 writeFlow(flowBuilder, nodeBuilder);
466 removeFlow(flowBuilder, nodeBuilder);