2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 * Authors : Madhu Venugopal
10 package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.services;
12 import org.opendaylight.controller.networkconfig.neutron.NeutronSecurityGroup;
13 import org.opendaylight.controller.networkconfig.neutron.NeutronSecurityRule;
14 import org.opendaylight.controller.sal.core.Node;
15 import org.opendaylight.ovsdb.openstack.netvirt.api.Constants;
16 import org.opendaylight.ovsdb.openstack.netvirt.api.EgressAclProvider;
17 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.AbstractServiceInstance;
18 import org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13.Service;
19 import org.opendaylight.ovsdb.utils.mdsal.openflow.InstructionUtils;
20 import org.opendaylight.ovsdb.utils.mdsal.openflow.MatchUtils;
21 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
22 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.PortNumber;
23 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
26 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowKey;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.InstructionsBuilder;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.InstructionBuilder;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.InstructionKey;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
34 import com.google.common.collect.Lists;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
39 import java.math.BigInteger;
40 import java.util.List;
42 public class EgressAclService extends AbstractServiceInstance implements EgressAclProvider {
44 static final Logger logger = LoggerFactory.getLogger(EgressAclService.class);
46 public EgressAclService() {
47 super(Service.EGRESS_ACL);
50 public EgressAclService(Service service) {
56 public boolean isBridgeInPipeline (String nodeId) {
61 public void programPortSecurityACL(Node node, Long dpid, String segmentationId, String attachedMac, long localPort,
62 NeutronSecurityGroup securityGroup) {
64 logger.trace("programLocalBridgeRulesWithSec neutronSecurityGroup: {} ", securityGroup);
65 List<NeutronSecurityRule> portSecurityList = securityGroup.getSecurityRules();
66 /* Iterate over the Port Security Rules in the Port Security Group bound to the port*/
67 for (NeutronSecurityRule portSecurityRule : portSecurityList) {
69 * Neutron Port Security ACL "egress" and "IPv4"
71 * Check that the base conditions for flow based Port Security are true:
72 * Port Security Rule Direction ("egress") and Protocol ("IPv4")
73 * Neutron defines the direction "ingress" as the vSwitch to the VM as defined in:
74 * http://docs.openstack.org/api/openstack-network/2.0/content/security_groups.html
77 if (portSecurityRule.getSecurityRuleEthertype().equalsIgnoreCase("IPv4") &&
78 portSecurityRule.getSecurityRuleDirection().equalsIgnoreCase("egress")) {
79 logger.debug("Egress IPV4 ACL Port Security Rule: {} ", portSecurityRule);
80 // ToDo: Implement Port Range
83 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (True)
85 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
86 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
87 !String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
88 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
89 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
90 .equalsIgnoreCase("0.0.0.0/0"))) {
92 "Rule #1 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
93 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
94 portSecurityRule.getSecurityRulePortMax(),
95 portSecurityRule.getSecurityRuleRemoteIpPrefix());
96 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
97 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY_DROP,
99 egressACLTcpPortWithPrefix(dpid, segmentationId,
100 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
101 portSecurityRule.getSecurityRuleRemoteIpPrefix(),
102 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
106 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (True)
108 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
109 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
110 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
111 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
112 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
113 .equalsIgnoreCase("0.0.0.0/0"))) {
115 "Rule #2 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
116 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
117 portSecurityRule.getSecurityRulePortMax(),
118 portSecurityRule.getSecurityRuleRemoteIpPrefix());
119 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
120 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY_DROP,
122 egressACLTcpPortWithPrefix(dpid, segmentationId,
123 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
124 portSecurityRule.getSecurityRuleRemoteIpPrefix(),
125 Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY);
129 * TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
131 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
132 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
133 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
134 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
136 "Rule #3 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
137 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
138 portSecurityRule.getSecurityRulePortMax(),
139 portSecurityRule.getSecurityRuleRemoteIpPrefix());
140 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PROTO_PREFIX_MATCH_PRIORITY_DROP,
142 egressACLPermitAllProto(dpid, segmentationId, attachedMac, true,
143 portSecurityRule.getSecurityRuleRemoteIpPrefix(), Constants.PROTO_PREFIX_MATCH_PRIORITY);
147 * TCP Proto (False), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (True)
149 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("null") &&
150 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
151 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
152 (!String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null") &&
153 !String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
154 .equalsIgnoreCase("0.0.0.0/0"))) {
156 "Rule #4 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
157 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
158 portSecurityRule.getSecurityRulePortMax(),
159 portSecurityRule.getSecurityRuleRemoteIpPrefix());
160 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PREFIX_MATCH_PRIORITY_DROP, true);
161 egressACLPermitAllProto(dpid, segmentationId, attachedMac, true,
162 portSecurityRule.getSecurityRuleRemoteIpPrefix(), Constants.PREFIX_MATCH_PRIORITY);
166 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (True), IP Prefix (False)
168 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
169 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
170 !String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
171 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
173 "Rule #5 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
174 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
175 portSecurityRule.getSecurityRulePortMax(),
176 portSecurityRule.getSecurityRuleRemoteIpPrefix());
177 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, Constants.PROTO_PORT_MATCH_PRIORITY_DROP,
179 egressACLTcpSyn(dpid, segmentationId,
180 attachedMac, true, portSecurityRule.getSecurityRulePortMin(),
181 Constants.PROTO_PORT_MATCH_PRIORITY);
185 * TCP Proto (True), TCP Port Minimum (True), TCP Port Max (False), IP Prefix (False)
187 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
188 !String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
189 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
190 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) {
192 "Rule #6 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
193 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
194 portSecurityRule.getSecurityRulePortMax(),
195 portSecurityRule.getSecurityRuleRemoteIpPrefix());
196 egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac,
197 Constants.PROTO_PORT_MATCH_PRIORITY_DROP, true);
198 egressACLTcpSyn(dpid, segmentationId, attachedMac, true,
199 portSecurityRule.getSecurityRulePortMin(), Constants.PROTO_PORT_MATCH_PRIORITY);
203 * TCP Proto (True), TCP Port Minimum (False), TCP Port Max (False), IP Prefix (False or 0.0.0.0/0)
205 if (String.valueOf(portSecurityRule.getSecurityRuleProtocol()).equalsIgnoreCase("tcp") &&
206 String.valueOf(portSecurityRule.getSecurityRulePortMin()).equalsIgnoreCase("null") &&
207 String.valueOf(portSecurityRule.getSecurityRulePortMax()).equalsIgnoreCase("null") &&
208 ((String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix()).equalsIgnoreCase("null")) ||
209 String.valueOf(portSecurityRule.getSecurityRuleRemoteIpPrefix())
210 .equalsIgnoreCase("0.0.0.0/0"))) {
212 "Rule #7 egress PortSec Rule Matches -> TCP Protocol: {}, TCP Port Min: {}, TCP Port Max: {}, IP Prefix: {}",
213 portSecurityRule.getSecurityRuleProtocol(), portSecurityRule.getSecurityRulePortMin(),
214 portSecurityRule.getSecurityRulePortMax(),
215 portSecurityRule.getSecurityRuleRemoteIpPrefix());
216 // No need to drop until UDP/ICMP are implemented
217 // egressACLDefaultTcpDrop(dpid, segmentationId, attachedMac, PROTO_MATCH_PRIORITY_DROP, true);
218 egressAllowProto(dpid, segmentationId, attachedMac, true,
219 portSecurityRule.getSecurityRuleProtocol(), Constants.PROTO_MATCH_PRIORITY);
222 logger.debug("ACL Match combination not found for rule: {}", portSecurityRule);
227 public void egressACLDefaultTcpDrop(Long dpidLong, String segmentationId, String attachedMac,
228 int priority, boolean write) {
230 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
231 MatchBuilder matchBuilder = new MatchBuilder();
232 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
233 FlowBuilder flowBuilder = new FlowBuilder();
235 flowBuilder.setMatch(MatchUtils.createSmacTcpPortWithFlagMatch(matchBuilder,
236 attachedMac, Constants.TCP_SYN, segmentationId).build());
237 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
239 String flowId = "TCP_Syn_Egress_Default_Drop_" + attachedMac;
240 flowBuilder.setId(new FlowId(flowId));
241 FlowKey key = new FlowKey(new FlowId(flowId));
242 flowBuilder.setStrict(false);
243 flowBuilder.setPriority(priority);
244 flowBuilder.setBarrier(true);
245 flowBuilder.setTableId(this.getTable());
246 flowBuilder.setKey(key);
247 flowBuilder.setFlowName(flowId);
248 flowBuilder.setHardTimeout(0);
249 flowBuilder.setIdleTimeout(0);
252 // Instantiate the Builders for the OF Actions and Instructions
253 InstructionBuilder ib = new InstructionBuilder();
254 InstructionsBuilder isb = new InstructionsBuilder();
255 List<Instruction> instructions = Lists.newArrayList();
257 InstructionUtils.createDropInstructions(ib);
259 ib.setKey(new InstructionKey(0));
260 instructions.add(ib.build());
261 // Add InstructionBuilder to the Instruction(s)Builder List
262 isb.setInstruction(instructions);
264 logger.debug("Instructions contain: {}", ib.getInstruction());
265 // Add InstructionsBuilder to FlowBuilder
266 flowBuilder.setInstructions(isb.build());
267 writeFlow(flowBuilder, nodeBuilder);
269 removeFlow(flowBuilder, nodeBuilder);
273 public void egressACLTcpPortWithPrefix(Long dpidLong, String segmentationId, String attachedMac, boolean write,
274 Integer securityRulePortMin, String securityRuleIpPrefix, Integer protoPortPrefixMatchPriority) {
276 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
277 PortNumber tcpPort = new PortNumber(securityRulePortMin);
278 MatchBuilder matchBuilder = new MatchBuilder();
279 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
280 FlowBuilder flowBuilder = new FlowBuilder();
281 Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
283 flowBuilder.setMatch(MatchUtils
284 .createSmacTcpSynDstIpPrefixTcpPort(matchBuilder, new MacAddress(attachedMac),
285 tcpPort, Constants.TCP_SYN, segmentationId, srcIpPrefix).build());
287 logger.debug(" MatchBuilder contains: {}", flowBuilder.getMatch());
288 String flowId = "UcastEgress_" + segmentationId + "_" + attachedMac +
289 securityRulePortMin + securityRuleIpPrefix;
290 // Add Flow Attributes
291 flowBuilder.setId(new FlowId(flowId));
292 FlowKey key = new FlowKey(new FlowId(flowId));
293 flowBuilder.setStrict(false);
294 flowBuilder.setPriority(protoPortPrefixMatchPriority);
295 flowBuilder.setBarrier(true);
296 flowBuilder.setTableId(this.getTable());
297 flowBuilder.setKey(key);
298 flowBuilder.setFlowName(flowId);
299 flowBuilder.setHardTimeout(0);
300 flowBuilder.setIdleTimeout(0);
303 // Instantiate the Builders for the OF Actions and Instructions
304 InstructionBuilder ib = new InstructionBuilder();
305 InstructionsBuilder isb = new InstructionsBuilder();
306 List<Instruction> instructionsList = Lists.newArrayList();
308 ib = this.getMutablePipelineInstructionBuilder();
310 ib.setKey(new InstructionKey(0));
311 instructionsList.add(ib.build());
312 isb.setInstruction(instructionsList);
314 logger.debug("Instructions contain: {}", ib.getInstruction());
315 // Add InstructionsBuilder to FlowBuilder
316 flowBuilder.setInstructions(isb.build());
317 writeFlow(flowBuilder, nodeBuilder);
319 removeFlow(flowBuilder, nodeBuilder);
325 public void egressAllowProto(Long dpidLong, String segmentationId, String attachedMac, boolean write,
326 String securityRuleProtcol, Integer protoMatchPriority) {
328 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
329 MatchBuilder matchBuilder = new MatchBuilder();
330 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
331 FlowBuilder flowBuilder = new FlowBuilder();
333 flowBuilder.setMatch(MatchUtils
334 .createDmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null).build());
335 flowBuilder.setMatch(MatchUtils
336 .createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId)).build());
338 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
339 String flowId = "EgressAllProto_" + segmentationId + "_" +
340 attachedMac + "_AllowEgressTCPSyn_" + securityRuleProtcol;
341 // Add Flow Attributes
342 flowBuilder.setId(new FlowId(flowId));
343 FlowKey key = new FlowKey(new FlowId(flowId));
344 flowBuilder.setStrict(false);
345 flowBuilder.setPriority(protoMatchPriority);
346 flowBuilder.setBarrier(true);
347 flowBuilder.setTableId(this.getTable());
348 flowBuilder.setKey(key);
349 flowBuilder.setFlowName(flowId);
350 flowBuilder.setHardTimeout(0);
351 flowBuilder.setIdleTimeout(0);
354 // Instantiate the Builders for the OF Actions and Instructions
355 InstructionBuilder ib = new InstructionBuilder();
356 InstructionsBuilder isb = new InstructionsBuilder();
357 List<Instruction> instructionsList = Lists.newArrayList();
359 ib = this.getMutablePipelineInstructionBuilder();
361 ib.setKey(new InstructionKey(0));
362 instructionsList.add(ib.build());
363 isb.setInstruction(instructionsList);
365 logger.debug("Instructions contain: {}", ib.getInstruction());
366 // Add InstructionsBuilder to FlowBuilder
367 flowBuilder.setInstructions(isb.build());
368 writeFlow(flowBuilder, nodeBuilder);
370 removeFlow(flowBuilder, nodeBuilder);
374 public void egressACLPermitAllProto(Long dpidLong, String segmentationId, String attachedMac,
375 boolean write, String securityRuleIpPrefix, Integer protoPortMatchPriority) {
377 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
378 Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
379 MatchBuilder matchBuilder = new MatchBuilder();
380 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
381 FlowBuilder flowBuilder = new FlowBuilder();
383 flowBuilder.setMatch(MatchUtils.createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId))
385 if (securityRuleIpPrefix != null) {
386 flowBuilder.setMatch(MatchUtils
387 .createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, srcIpPrefix)
390 flowBuilder.setMatch(MatchUtils
391 .createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null)
394 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
395 String flowId = "Egress_Proto_ACL" + segmentationId + "_" +
396 attachedMac + "_Permit_" + securityRuleIpPrefix;
397 // Add Flow Attributes
398 flowBuilder.setId(new FlowId(flowId));
399 FlowKey key = new FlowKey(new FlowId(flowId));
400 flowBuilder.setStrict(false);
401 flowBuilder.setPriority(protoPortMatchPriority);
402 flowBuilder.setBarrier(true);
403 flowBuilder.setTableId(this.getTable());
404 flowBuilder.setKey(key);
405 flowBuilder.setFlowName(flowId);
406 flowBuilder.setHardTimeout(0);
407 flowBuilder.setIdleTimeout(0);
410 // Instantiate the Builders for the OF Actions and Instructions
411 InstructionBuilder ib = new InstructionBuilder();
412 InstructionsBuilder isb = new InstructionsBuilder();
413 List<Instruction> instructionsList = Lists.newArrayList();
415 ib = this.getMutablePipelineInstructionBuilder();
417 ib.setKey(new InstructionKey(0));
418 instructionsList.add(ib.build());
419 isb.setInstruction(instructionsList);
421 logger.debug("Instructions contain: {}", ib.getInstruction());
422 // Add InstructionsBuilder to FlowBuilder
423 flowBuilder.setInstructions(isb.build());
424 writeFlow(flowBuilder, nodeBuilder);
426 removeFlow(flowBuilder, nodeBuilder);
431 public void egressACLTcpSyn(Long dpidLong, String segmentationId, String attachedMac, boolean write,
432 Integer securityRulePortMin, Integer protoPortMatchPriority) {
434 String nodeName = Constants.OPENFLOW_NODE_PREFIX + dpidLong;
435 PortNumber tcpPort = new PortNumber(securityRulePortMin);
436 MatchBuilder matchBuilder = new MatchBuilder();
437 NodeBuilder nodeBuilder = createNodeBuilder(nodeName);
438 FlowBuilder flowBuilder = new FlowBuilder();
440 flowBuilder.setMatch(MatchUtils.createSmacTcpSyn(matchBuilder, attachedMac, tcpPort,
441 Constants.TCP_SYN, segmentationId).build());
443 logger.debug("MatchBuilder contains: {}", flowBuilder.getMatch());
444 String flowId = "Ucast_this.getTable()" + segmentationId + "_" + attachedMac + securityRulePortMin;
445 // Add Flow Attributes
446 flowBuilder.setId(new FlowId(flowId));
447 FlowKey key = new FlowKey(new FlowId(flowId));
448 flowBuilder.setStrict(false);
449 flowBuilder.setPriority(protoPortMatchPriority);
450 flowBuilder.setBarrier(true);
451 flowBuilder.setTableId(this.getTable());
452 flowBuilder.setKey(key);
453 flowBuilder.setFlowName(flowId);
454 flowBuilder.setHardTimeout(0);
455 flowBuilder.setIdleTimeout(0);
458 // Instantiate the Builders for the OF Actions and Instructions
459 InstructionBuilder ib = new InstructionBuilder();
460 InstructionsBuilder isb = new InstructionsBuilder();
461 List<Instruction> instructionsList = Lists.newArrayList();
463 ib = this.getMutablePipelineInstructionBuilder();
465 ib.setKey(new InstructionKey(0));
466 instructionsList.add(ib.build());
467 isb.setInstruction(instructionsList);
469 logger.debug("Instructions contain: {}", ib.getInstruction());
470 // Add InstructionsBuilder to FlowBuilder
471 flowBuilder.setInstructions(isb.build());
472 writeFlow(flowBuilder, nodeBuilder);
474 removeFlow(flowBuilder, nodeBuilder);