2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 * Authors : Madhu Venugopal
10 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
12 import java.math.BigInteger;
13 import java.util.List;
15 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
16 import org.opendaylight.neutron.spi.NeutronSecurityRule;
17 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
18 import org.opendaylight.ovsdb.openstack.netvirt.api.EgressAclProvider;
19 import org.opendaylight.ovsdb.openstack.netvirt.api.RoutingProvider;
20 import org.opendaylight.ovsdb.openstack.netvirt.providers.ConfigInterface;
21 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.AbstractServiceInstance;
22 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
23 import org.opendaylight.ovsdb.utils.mdsal.openflow.InstructionUtils;
24 import org.opendaylight.ovsdb.utils.mdsal.openflow.MatchUtils;
25 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
26 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.PortNumber;
27 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowKey;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.InstructionsBuilder;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.InstructionBuilder;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.InstructionKey;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
37 import org.osgi.framework.BundleContext;
38 import org.osgi.framework.ServiceReference;
39 import org.slf4j.Logger;
40 import org.slf4j.LoggerFactory;
42 import com.google.common.collect.Lists;
44 public class EgressAclService extends AbstractServiceInstance implements EgressAclProvider, ConfigInterface {
46 static final Logger logger = LoggerFactory.getLogger(EgressAclService.class);
48 public EgressAclService() {
49 super(Service.EGRESS_ACL);
52 public EgressAclService(Service service) {
57 public void programPortSecurityACL(Long dpid, String segmentationId, String attachedMac, long localPort,
58 NeutronSecurityGroup securityGroup) {
60 logger.trace("programLocalBridgeRulesWithSec neutronSecurityGroup: {} ", securityGroup);
61 List<NeutronSecurityRule> portSecurityList = securityGroup.getSecurityRules();
62 /* Iterate over the Port Security Rules in the Port Security Group bound to the port*/
63 for (NeutronSecurityRule portSecurityRule : portSecurityList) {
65 * Neutron Port Security ACL "egress" and "IPv4"
67 * Check that the base conditions for flow based Port Security are true:
68 * Port Security Rule Direction ("egress") and Protocol ("IPv4")
69 * Neutron defines the direction "ingress" as the vSwitch to the VM as defined in:
70 * http://docs.openstack.org/api/openstack-network/2.0/content/security_groups.html
73 if (portSecurityRule.getSecurityRuleEthertype().equalsIgnoreCase("IPv4") &&
74 portSecurityRule.getSecurityRuleDirection().equalsIgnoreCase("egress")) {
75 logger.debug("Egress IPV4 ACL Port Security Rule: {} ", portSecurityRule);
76 // ToDo: Implement Port Range
79 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
81 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
82 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
83 !String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
84 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
85 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
86 .equalsIgnoreCase("0.0.0.0/0"))) {
88 "Rule #1 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
89 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
90 portSecurityRule.getSecurityRulePortMax(),
91 portSecurityRule.getSecurityRuleRemoteIpPrefix());
92 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
93 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY_DROP,
95 egressACLTcpPortWithPrefix(dpid, segmentationId,
96 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
97 portSecurityRule.getSecurityRuleRemoteIpPrefix(),
98 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
102 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
104 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
105 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
106 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
107 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
108 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
109 .equalsIgnoreCase("0.0.0.0/0"))) {
111 "Rule #2 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
112 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
113 portSecurityRule.getSecurityRulePortMax(),
114 portSecurityRule.getSecurityRuleRemoteIpPrefix());
115 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
116 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY_DROP,
118 egressACLTcpPortWithPrefix(dpid, segmentationId,
119 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
120 portSecurityRule.getSecurityRuleRemoteIpPrefix(),
121 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
125 * TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
127 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
128 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
129 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
130 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
132 "Rule #3 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
133 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
134 portSecurityRule.getSecurityRulePortMax(),
135 portSecurityRule.getSecurityRuleRemoteIpPrefix());
136 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PROTO_PREFIX_MATCH_PRIORITY_DROP,
138 egressACLPermitAllProto(dpid, segmentationId, attachedMac, true,
139 portSecurityRule.getSecurityRuleRemoteIpPrefix(), Constants.PROTO_PREFIX_MATCH_PRIORITY);
143 * TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
145 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("null") &&
146 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
147 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
148 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
149 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
150 .equalsIgnoreCase("0.0.0.0/0"))) {
152 "Rule #4 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
153 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
154 portSecurityRule.getSecurityRulePortMax(),
155 portSecurityRule.getSecurityRuleRemoteIpPrefix());
156 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PREFIX_MATCH_PRIORITY_DROP, true);
157 egressACLPermitAllProto(dpid, segmentationId, attachedMac, true,
158 portSecurityRule.getSecurityRuleRemoteIpPrefix(), Constants.PREFIX_MATCH_PRIORITY);
162 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
164 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
165 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
166 !String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
167 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
169 "Rule #5 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
170 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
171 portSecurityRule.getSecurityRulePortMax(),
172 portSecurityRule.getSecurityRuleRemoteIpPrefix());
173 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PROTO_PORT_MATCH_PRIORITY_DROP,
175 egressACLTcpSyn(dpid, segmentationId,
176 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
177 Constants.PROTO_PORT_MATCH_PRIORITY);
181 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
183 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
184 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
185 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
186 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
188 "Rule #6 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
189 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
190 portSecurityRule.getSecurityRulePortMax(),
191 portSecurityRule.getSecurityRuleRemoteIpPrefix());
192 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
193 Constants.PROTO_PORT_MATCH_PRIORITY_DROP, true);
194 egressACLTcpSyn(dpid, segmentationId, attachedMac, true,
195 portSecurityRule.getSecurityRulePortMin(), Constants.PROTO_PORT_MATCH_PRIORITY);
199 * TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
201 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
202 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
203 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
204 ((String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) ||
205 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
206 .equalsIgnoreCase("0.0.0.0/0"))) {
208 "Rule #7 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
209 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
210 portSecurityRule.getSecurityRulePortMax(),
211 portSecurityRule.getSecurityRuleRemoteIpPrefix());
212 // No need to drop until UDP/ICMP are implemented
213 // egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, PROTO_MATCH_PRIORITY_DROP, true);
214 egressAllowProto(dpid, segmentationId, attachedMac, true,
215 portSecurityRule.getSecurityRuleProtocol(), Constants.PROTO_MATCH_PRIORITY);
218 logger.debug("ACL Match combination not found for rule: {}", portSecurityRule);
223 public void egressACLDefaultTcpDrop(Long dpidLong, String segmentationId, String attachedMac,
224 int priority, boolean write) {
226 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
227 MatchBuilder matchBuilder = new MatchBuilder();
228 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
229 FlowBuilder flowBuilder = new FlowBuilder();
231 flowBuilder.setMatch(MatchUtils.createSmacTcpPortWithFlagMatch(matchBuilder,
232 attachedMac, Constants.TCP_SYN, segmentationId).build());
233 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
235 String flowId = "TCP_Syn_Egress_Default_Drop_" + segmentationId + "_" + attachedMac;
236 flowBuilder.setId(new FlowId(flowId));
237 FlowKey key = new FlowKey(new FlowId(flowId));
238 flowBuilder.setStrict(false);
239 flowBuilder.setPriority(priority);
240 flowBuilder.setBarrier(true);
241 flowBuilder.setTableId(this.getTable());
242 flowBuilder.setKey(key);
243 flowBuilder.setFlowName(flowId);
244 flowBuilder.setHardTimeout(0);
245 flowBuilder.setIdleTimeout(0);
248 // Instantiate the Builders for the OF Actions and Instructions
249 InstructionBuilder ib = new InstructionBuilder();
250 InstructionsBuilder isb = new InstructionsBuilder();
251 List<Instruction> instructions = Lists.newArrayList();
253 InstructionUtils.createDropInstructions(ib);
255 ib.setKey(new InstructionKey(0));
256 instructions.add(ib.build());
257 // Add InstructionBuilder to the Instruction(s)Builder List
258 isb.setInstruction(instructions);
260 logger.debug("Instructions contain: {}", ib.getInstruction());
261 // Add InstructionsBuilder to FlowBuilder
262 flowBuilder.setInstructions(isb.build());
263 writeFlow(flowBuilder, nodeBuilder);
265 removeFlow(flowBuilder, nodeBuilder);
269 public void egressACLTcpPortWithPrefix(Long dpidLong, String segmentationId, String attachedMac, boolean write,
270 Integer securityRulePortMin, String securityRuleIpPrefix, Integer protoPortPrefixMatchPriority) {
272 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
273 PortNumber tcpPort = new PortNumber(securityRulePortMin);
274 MatchBuilder matchBuilder = new MatchBuilder();
275 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
276 FlowBuilder flowBuilder = new FlowBuilder();
277 Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
279 flowBuilder.setMatch(MatchUtils
280 .createSmacTcpSynDstIpPrefixTcpPort(matchBuilder, new MacAddress(attachedMac),
281 tcpPort, Constants.TCP_SYN, segmentationId, srcIpPrefix).build());
283 logger.debug(" MatchBuilder contains: {}", flowBuilder.getMatch());
284 String flowId = "UcastEgress_" + segmentationId + "_" + attachedMac +
285 securityRulePortMin + securityRuleIpPrefix;
286 // Add Flow Attributes
287 flowBuilder.setId(new FlowId(flowId));
288 FlowKey key = new FlowKey(new FlowId(flowId));
289 flowBuilder.setStrict(false);
290 flowBuilder.setPriority(protoPortPrefixMatchPriority);
291 flowBuilder.setBarrier(true);
292 flowBuilder.setTableId(this.getTable());
293 flowBuilder.setKey(key);
294 flowBuilder.setFlowName(flowId);
295 flowBuilder.setHardTimeout(0);
296 flowBuilder.setIdleTimeout(0);
299 // Instantiate the Builders for the OF Actions and Instructions
300 InstructionBuilder ib = new InstructionBuilder();
301 InstructionsBuilder isb = new InstructionsBuilder();
302 List<Instruction> instructionsList = Lists.newArrayList();
304 ib = this.getMutablePipelineInstructionBuilder();
306 ib.setKey(new InstructionKey(0));
307 instructionsList.add(ib.build());
308 isb.setInstruction(instructionsList);
310 logger.debug("Instructions contain: {}", ib.getInstruction());
311 // Add InstructionsBuilder to FlowBuilder
312 flowBuilder.setInstructions(isb.build());
313 writeFlow(flowBuilder, nodeBuilder);
315 removeFlow(flowBuilder, nodeBuilder);
321 public void egressAllowProto(Long dpidLong, String segmentationId, String attachedMac, boolean write,
322 String securityRuleProtcol, Integer protoMatchPriority) {
324 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
325 MatchBuilder matchBuilder = new MatchBuilder();
326 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
327 FlowBuilder flowBuilder = new FlowBuilder();
329 flowBuilder.setMatch(MatchUtils
330 .createDmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null).build());
331 flowBuilder.setMatch(MatchUtils
332 .createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId)).build());
334 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
335 String flowId = "EgressAllProto_" + segmentationId + "_" +
336 attachedMac + "_AllowEgressTCPSyn_" + securityRuleProtcol;
337 // Add Flow Attributes
338 flowBuilder.setId(new FlowId(flowId));
339 FlowKey key = new FlowKey(new FlowId(flowId));
340 flowBuilder.setStrict(false);
341 flowBuilder.setPriority(protoMatchPriority);
342 flowBuilder.setBarrier(true);
343 flowBuilder.setTableId(this.getTable());
344 flowBuilder.setKey(key);
345 flowBuilder.setFlowName(flowId);
346 flowBuilder.setHardTimeout(0);
347 flowBuilder.setIdleTimeout(0);
350 // Instantiate the Builders for the OF Actions and Instructions
351 InstructionBuilder ib = new InstructionBuilder();
352 InstructionsBuilder isb = new InstructionsBuilder();
353 List<Instruction> instructionsList = Lists.newArrayList();
355 ib = this.getMutablePipelineInstructionBuilder();
357 ib.setKey(new InstructionKey(0));
358 instructionsList.add(ib.build());
359 isb.setInstruction(instructionsList);
361 logger.debug("Instructions contain: {}", ib.getInstruction());
362 // Add InstructionsBuilder to FlowBuilder
363 flowBuilder.setInstructions(isb.build());
364 writeFlow(flowBuilder, nodeBuilder);
366 removeFlow(flowBuilder, nodeBuilder);
370 public void egressACLPermitAllProto(Long dpidLong, String segmentationId, String attachedMac,
371 boolean write, String securityRuleIpPrefix, Integer protoPortMatchPriority) {
373 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
374 Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
375 MatchBuilder matchBuilder = new MatchBuilder();
376 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
377 FlowBuilder flowBuilder = new FlowBuilder();
379 flowBuilder.setMatch(MatchUtils.createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId))
381 if (securityRuleIpPrefix != null) {
382 flowBuilder.setMatch(MatchUtils
383 .createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, srcIpPrefix)
386 flowBuilder.setMatch(MatchUtils
387 .createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null)
390 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
391 String flowId = "Egress_Proto_ACL" + segmentationId + "_" +
392 attachedMac + "_Permit_" + securityRuleIpPrefix;
393 // Add Flow Attributes
394 flowBuilder.setId(new FlowId(flowId));
395 FlowKey key = new FlowKey(new FlowId(flowId));
396 flowBuilder.setStrict(false);
397 flowBuilder.setPriority(protoPortMatchPriority);
398 flowBuilder.setBarrier(true);
399 flowBuilder.setTableId(this.getTable());
400 flowBuilder.setKey(key);
401 flowBuilder.setFlowName(flowId);
402 flowBuilder.setHardTimeout(0);
403 flowBuilder.setIdleTimeout(0);
406 // Instantiate the Builders for the OF Actions and Instructions
407 InstructionBuilder ib = new InstructionBuilder();
408 InstructionsBuilder isb = new InstructionsBuilder();
409 List<Instruction> instructionsList = Lists.newArrayList();
411 ib = this.getMutablePipelineInstructionBuilder();
413 ib.setKey(new InstructionKey(0));
414 instructionsList.add(ib.build());
415 isb.setInstruction(instructionsList);
417 logger.debug("Instructions contain: {}", ib.getInstruction());
418 // Add InstructionsBuilder to FlowBuilder
419 flowBuilder.setInstructions(isb.build());
420 writeFlow(flowBuilder, nodeBuilder);
422 removeFlow(flowBuilder, nodeBuilder);
427 public void egressACLTcpSyn(Long dpidLong, String segmentationId, String attachedMac, boolean write,
428 Integer securityRulePortMin, Integer protoPortMatchPriority) {
430 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
431 PortNumber tcpPort = new PortNumber(securityRulePortMin);
432 MatchBuilder matchBuilder = new MatchBuilder();
433 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
434 FlowBuilder flowBuilder = new FlowBuilder();
436 flowBuilder.setMatch(MatchUtils.createSmacTcpSyn(matchBuilder, attachedMac, tcpPort,
437 Constants.TCP_SYN, segmentationId).build());
439 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
440 String flowId = "Ucast_this.getTable()" + segmentationId + "_" + attachedMac + securityRulePortMin;
441 // Add Flow Attributes
442 flowBuilder.setId(new FlowId(flowId));
443 FlowKey key = new FlowKey(new FlowId(flowId));
444 flowBuilder.setStrict(false);
445 flowBuilder.setPriority(protoPortMatchPriority);
446 flowBuilder.setBarrier(true);
447 flowBuilder.setTableId(this.getTable());
448 flowBuilder.setKey(key);
449 flowBuilder.setFlowName(flowId);
450 flowBuilder.setHardTimeout(0);
451 flowBuilder.setIdleTimeout(0);
454 // Instantiate the Builders for the OF Actions and Instructions
455 InstructionBuilder ib = new InstructionBuilder();
456 InstructionsBuilder isb = new InstructionsBuilder();
457 List<Instruction> instructionsList = Lists.newArrayList();
459 ib = this.getMutablePipelineInstructionBuilder();
461 ib.setKey(new InstructionKey(0));
462 instructionsList.add(ib.build());
463 isb.setInstruction(instructionsList);
465 logger.debug("Instructions contain: {}", ib.getInstruction());
466 // Add InstructionsBuilder to FlowBuilder
467 flowBuilder.setInstructions(isb.build());
468 writeFlow(flowBuilder, nodeBuilder);
470 removeFlow(flowBuilder, nodeBuilder);
475 public void setDependencies(BundleContext bundleContext, ServiceReference serviceReference) {
476 super.setOrchestrator(bundleContext.getServiceReference(EgressAclProvider.class.getName()), this);
480 public void setDependencies(Object impl) {}
Code Review / netvirt.git / blob