2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;
11 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxRegMatch;
12 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.applyActionIns;
13 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.instructions;
14 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxOutputRegAction;
16 import java.util.ArrayList;
17 import java.util.Collections;
18 import java.util.Comparator;
19 import java.util.HashMap;
20 import java.util.HashSet;
21 import java.util.List;
25 import javax.annotation.concurrent.Immutable;
27 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfContext;
28 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager.FlowMap;
29 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.RegMatch;
30 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.OrdinalFactory.EndpointFwdCtxOrdinals;
31 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.node.SwitchManager;
32 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.Action;
33 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.AllowAction;
34 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.ClassificationResult;
35 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.Classifier;
36 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.ParamDerivator;
37 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.SubjectFeatures;
38 import org.opendaylight.groupbasedpolicy.resolver.EgKey;
39 import org.opendaylight.groupbasedpolicy.resolver.EndpointConstraint;
40 import org.opendaylight.groupbasedpolicy.resolver.IndexedTenant;
41 import org.opendaylight.groupbasedpolicy.resolver.Policy;
42 import org.opendaylight.groupbasedpolicy.resolver.PolicyInfo;
43 import org.opendaylight.groupbasedpolicy.resolver.RuleGroup;
44 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.list.ActionBuilder;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Match;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierDefinitionId;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ConditionName;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ActionInstance;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Layer3Match;
67 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4MatchBuilder;
68 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv6MatchBuilder;
69 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg0;
70 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg1;
71 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg2;
72 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg3;
73 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg5;
74 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg7;
75 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlan;
76 import org.slf4j.Logger;
77 import org.slf4j.LoggerFactory;
79 import com.google.common.collect.ComparisonChain;
80 import com.google.common.collect.Ordering;
81 import com.google.common.collect.Table.Cell;
84 * Manage the table that enforces policy on the traffic. Traffic is denied
85 * unless specifically allowed by policy
87 public class PolicyEnforcer extends FlowTable {
89 protected static final Logger LOG = LoggerFactory.getLogger(PolicyEnforcer.class);
91 public static short TABLE_ID = 3;
93 public PolicyEnforcer(OfContext ctx, short tableId) {
95 this.TABLE_ID=tableId;
100 public short getTableId() {
105 public void sync(NodeId nodeId, PolicyInfo policyInfo, FlowMap flowMap) throws Exception {
107 flowMap.writeFlow(nodeId, TABLE_ID, dropFlow(Integer.valueOf(1), null));
109 NodeConnectorId tunPort = SwitchManager.getTunnelPort(nodeId, TunnelTypeVxlan.class);
110 if (tunPort != null) {
111 flowMap.writeFlow(nodeId, TABLE_ID, allowFromTunnel(tunPort));
114 HashSet<CgPair> visitedPairs = new HashSet<>();
116 // Used for ARP flows
117 Set<Integer> fdIds = new HashSet<>();
119 for (Endpoint srcEp : ctx.getEndpointManager().getEndpointsForNode(nodeId)) {
120 for (EgKey srcEpgKey : ctx.getEndpointManager().getEgKeysForEndpoint(srcEp)) {
121 Set<EgKey> peers = policyInfo.getPeers(srcEpgKey);
122 for (EgKey dstEpgKey : peers) {
123 for (Endpoint dstEp : ctx.getEndpointManager().getEndpointsForGroup(dstEpgKey)) {
125 EndpointFwdCtxOrdinals srcEpFwdCxtOrds = OrdinalFactory.getEndpointFwdCtxOrdinals(ctx,
127 EndpointFwdCtxOrdinals dstEpFwdCxtOrds = OrdinalFactory.getEndpointFwdCtxOrdinals(ctx,
129 int dcgId = dstEpFwdCxtOrds.getCgId();
130 int depgId = dstEpFwdCxtOrds.getEpgId();
131 int scgId = srcEpFwdCxtOrds.getCgId();
132 int sepgId = srcEpFwdCxtOrds.getEpgId();
133 NetworkElements netElements = new NetworkElements(srcEp, dstEp, nodeId, ctx, policyInfo);
134 fdIds.add(srcEpFwdCxtOrds.getFdId());
136 Policy policy = policyInfo.getPolicy(dstEpgKey, srcEpgKey);
137 for (Cell<EndpointConstraint, EndpointConstraint, List<RuleGroup>> activeRulesByConstraints: getActiveRulesBetweenEps(policy, dstEp, srcEp)) {
138 Set<IpPrefix> sIpPrefixes = Policy.getIpPrefixesFrom(activeRulesByConstraints.getRowKey()
140 Set<IpPrefix> dIpPrefixes = Policy.getIpPrefixesFrom(activeRulesByConstraints.getColumnKey()
142 CgPair p = new CgPair(depgId, sepgId, dcgId, scgId, dIpPrefixes, sIpPrefixes);
143 if (visitedPairs.contains(p))
146 syncPolicy(flowMap, netElements, activeRulesByConstraints.getValue(), p);
150 policy = policyInfo.getPolicy(srcEpgKey, dstEpgKey);
151 for (Cell<EndpointConstraint, EndpointConstraint, List<RuleGroup>> activeRulesByConstraints : getActiveRulesBetweenEps(policy, srcEp, dstEp)) {
152 Set<IpPrefix> sIpPrefixes = Policy.getIpPrefixesFrom(activeRulesByConstraints.getRowKey()
154 Set<IpPrefix> dIpPrefixes = Policy.getIpPrefixesFrom(activeRulesByConstraints.getColumnKey()
156 CgPair p = new CgPair(sepgId, depgId, scgId, dcgId, sIpPrefixes, dIpPrefixes);
157 if (visitedPairs.contains(p))
160 syncPolicy(flowMap, netElements, activeRulesByConstraints.getValue(), p);
168 // Set<Endpoint> visitedEps = new HashSet<>();
169 for (Endpoint srcEp : ctx.getEndpointManager().getEndpointsForNode(nodeId)) {
170 // visitedEps.add(srcEp);
171 for (EgKey srcEpgKey : ctx.getEndpointManager().getEgKeysForEndpoint(srcEp)) {
173 IndexedTenant tenant = ctx.getPolicyResolver().getTenant(srcEpgKey.getTenantId());
174 EndpointGroup group = tenant.getEndpointGroup(srcEpgKey.getEgId());
175 IntraGroupPolicy igp = group.getIntraGroupPolicy();
177 if (igp == null || igp.equals(IntraGroupPolicy.Allow)) {
178 for (Endpoint dstEp : ctx.getEndpointManager().getEndpointsForGroup(srcEpgKey)) {
180 // if(visitedEps.contains(dstEp)) {
183 // visitedEps.add(dstEp);
184 EndpointFwdCtxOrdinals srcEpFwdCxtOrds = OrdinalFactory.getEndpointFwdCtxOrdinals(ctx,
186 EndpointFwdCtxOrdinals dstEpFwdCxtOrds = OrdinalFactory.getEndpointFwdCtxOrdinals(ctx,
188 int depgId = dstEpFwdCxtOrds.getEpgId();
189 int sepgId = srcEpFwdCxtOrds.getEpgId();
190 flowMap.writeFlow(nodeId, TABLE_ID, allowSameEpg(sepgId, depgId));
191 flowMap.writeFlow(nodeId, TABLE_ID, allowSameEpg(depgId, sepgId));
197 // Write ARP flows per flood domain.
198 for (Integer fdId : fdIds) {
199 flowMap.writeFlow(nodeId, TABLE_ID, createArpFlow(fdId));
203 private Flow createArpFlow(Integer fdId) {
205 Long etherType = FlowUtils.ARP;
206 // L2 Classifier so 20,000 for now
207 Integer priority = 20000;
208 FlowId flowid = new FlowId(new StringBuilder().append("arp")
215 MatchBuilder mb = new MatchBuilder().setEthernetMatch(FlowUtils.ethernetMatch(null, null, etherType));
217 addNxRegMatch(mb, RegMatch.of(NxmNxReg5.class, Long.valueOf(fdId)));
219 Flow flow = base().setPriority(priority)
221 .setMatch(mb.build())
222 .setInstructions(instructions(applyActionIns(nxOutputRegAction(NxmNxReg7.class))))
227 private Flow allowSameEpg(int sepgId, int depgId) {
229 FlowId flowId = new FlowId(new StringBuilder().append("intraallow|").append(sepgId).toString());
230 MatchBuilder mb = new MatchBuilder();
231 addNxRegMatch(mb, RegMatch.of(NxmNxReg0.class, Long.valueOf(sepgId)),
232 RegMatch.of(NxmNxReg2.class, Long.valueOf(depgId)));
233 FlowBuilder flow = base().setId(flowId)
234 .setMatch(mb.build())
236 .setInstructions(instructions(applyActionIns(nxOutputRegAction(NxmNxReg7.class))));
240 private Flow allowFromTunnel(NodeConnectorId tunPort) {
242 FlowId flowId = new FlowId("tunnelallow");
243 MatchBuilder mb = new MatchBuilder().setInPort(tunPort);
244 addNxRegMatch(mb, RegMatch.of(NxmNxReg1.class, Long.valueOf(0xffffff)));
245 FlowBuilder flow = base().setId(flowId)
246 .setMatch(mb.build())
248 .setInstructions(instructions(applyActionIns(nxOutputRegAction(NxmNxReg7.class))));
253 private void syncPolicy(FlowMap flowMap, NetworkElements netElements, List<RuleGroup> rgs, CgPair p) {
254 int priority = 65000;
255 for (RuleGroup rg : rgs) {
256 TenantId tenantId = rg.getContractTenant().getId();
257 IndexedTenant tenant = ctx.getPolicyResolver().getTenant(tenantId);
258 for (Rule r : rg.getRules()) {
259 syncDirection(flowMap, netElements, tenant, p, r, Direction.In, priority);
260 syncDirection(flowMap, netElements, tenant, p, r, Direction.Out, priority);
268 * Private internal class for ordering Actions in Rules. The order is
269 * determined first by the value of the order parameter, with the lower
270 * order actions being applied first; for Actions with either the same order
271 * or no order, ordering is lexicographical by name.
273 private static class ActionRefComparator implements Comparator<ActionRef> {
275 public static final ActionRefComparator INSTANCE = new ActionRefComparator();
278 public int compare(ActionRef arg0, ActionRef arg1) {
279 return ComparisonChain.start()
280 .compare(arg0.getOrder(), arg1.getOrder(), Ordering.natural().nullsLast())
281 .compare(arg0.getName().getValue(), arg1.getName().getValue(), Ordering.natural().nullsLast())
287 private void syncDirection(FlowMap flowMap, NetworkElements netElements, IndexedTenant contractTenant, CgPair cgPair, Rule rule,
288 Direction direction, int priority) {
290 * Create the ordered action list. The implicit action is "allow", and
291 * is therefore always in the list
293 * TODO: revisit implicit vs. default for "allow" TODO: look into
294 * incorporating operational policy for actions
297 // TODO: can pass Comparator ActionRefComparator to List constructor, rather than
298 // referencing in sort
299 List<ActionBuilder> actionBuilderList = new ArrayList<ActionBuilder>();
300 if (rule.getActionRef() != null) {
302 * Pre-sort by references using order, then name
304 List<ActionRef> arl = new ArrayList<ActionRef>(rule.getActionRef());
305 Collections.sort(arl, ActionRefComparator.INSTANCE);
307 for (ActionRef actionRule : arl) {
308 ActionInstance actionInstance = contractTenant.getAction(actionRule.getName());
309 if (actionInstance == null) {
310 // XXX TODO fail the match and raise an exception
311 LOG.warn("Action instance {} not found", actionRule.getName().getValue());
314 Action action = SubjectFeatures.getAction(actionInstance.getActionDefinitionId());
315 if (action == null) {
316 // XXX TODO fail the match and raise an exception
317 LOG.warn("Action definition {} not found", actionInstance.getActionDefinitionId().getValue());
321 Map<String, Object> params = new HashMap<>();
322 if (actionInstance.getParameterValue() != null) {
323 for (ParameterValue v : actionInstance.getParameterValue()) {
324 if (v.getName() == null)
326 if (v.getIntValue() != null) {
327 params.put(v.getName().getValue(), v.getIntValue());
328 } else if (v.getStringValue() != null) {
329 params.put(v.getName().getValue(), v.getStringValue());
334 * Convert the GBP Action to one or more OpenFlow Actions
336 actionBuilderList = action.updateAction(actionBuilderList, params, actionRule.getOrder(),netElements);
339 Action act = SubjectFeatures.getAction(AllowAction.DEFINITION.getId());
340 actionBuilderList = act.updateAction(actionBuilderList, new HashMap<String, Object>(), 0, netElements);
343 Map<String, ParameterValue> paramsFromClassifier = new HashMap<>();
344 Set<ClassifierDefinitionId> classifiers = new HashSet<>();
345 for (ClassifierRef cr : rule.getClassifierRef()) {
346 if (cr.getDirection() != null && !cr.getDirection().equals(Direction.Bidirectional)
347 && !cr.getDirection().equals(direction)) {
351 // XXX - TODO - implement connection tracking (requires openflow
352 // extension and data plane support - in 2.4. Will need to handle
353 // case where we are working with mix of nodes.
355 ClassifierInstance ci = contractTenant.getClassifier(cr.getName());
357 // XXX TODO fail the match and raise an exception
358 LOG.warn("Classifier instance {} not found", cr.getName().getValue());
361 Classifier cfier = SubjectFeatures.getClassifier(ci.getClassifierDefinitionId());
363 // XXX TODO fail the match and raise an exception
364 LOG.warn("Classifier definition {} not found", ci.getClassifierDefinitionId().getValue());
367 classifiers.add(new ClassifierDefinitionId(ci.getClassifierDefinitionId()));
368 for (ParameterValue v : ci.getParameterValue()) {
369 if (paramsFromClassifier.get(v.getName().getValue()) == null) {
370 if (v.getIntValue() != null
371 || v.getStringValue() != null
372 || v.getRangeValue() != null) {
373 paramsFromClassifier.put(v.getName().getValue(), v);
376 if (!paramsFromClassifier.get(v.getName().getValue()).equals(v)) {
377 throw new IllegalArgumentException("Classification error in rule: " + rule.getName()
378 + ".\nCause: " + "Classification conflict detected at parameter " + v.getName());
383 if(classifiers.isEmpty()) {
386 List<Map<String, ParameterValue>> derivedParamsByName = ParamDerivator.ETHER_TYPE_DERIVATOR.deriveParameter(paramsFromClassifier);
387 String baseId = createBaseFlowId(direction, cgPair, priority);
388 List<MatchBuilder> flowMatchBuilders = new ArrayList<>();
389 for (Map<String, ParameterValue> params : derivedParamsByName) {
390 List<MatchBuilder> matchBuildersToResolve = new ArrayList<>();
391 if (cgPair.sIpPrefixes.isEmpty() && cgPair.dIpPrefixes.isEmpty()) {
392 matchBuildersToResolve.add(createBaseMatch(direction, cgPair, null, null));
393 } else if (!cgPair.sIpPrefixes.isEmpty() && cgPair.dIpPrefixes.isEmpty()) {
394 for (IpPrefix sIpPrefix : cgPair.sIpPrefixes) {
395 matchBuildersToResolve.add(createBaseMatch(direction, cgPair, sIpPrefix, null));
397 } else if (cgPair.sIpPrefixes.isEmpty() && !cgPair.dIpPrefixes.isEmpty()) {
398 for (IpPrefix dIpPrefix : cgPair.sIpPrefixes) {
399 matchBuildersToResolve.add(createBaseMatch(direction, cgPair, null, dIpPrefix));
402 for (IpPrefix sIpPrefix : cgPair.sIpPrefixes) {
403 for (IpPrefix dIpPrefix : cgPair.sIpPrefixes) {
404 matchBuildersToResolve.add(createBaseMatch(direction, cgPair, sIpPrefix, dIpPrefix));
408 for (ClassifierDefinitionId clDefId : classifiers) {
409 Classifier classifier = SubjectFeatures.getClassifier(clDefId);
410 ClassificationResult result = classifier.updateMatch(matchBuildersToResolve, params);
411 if (!result.isSuccessfull()) {
412 // TODO consider different handling.
413 throw new IllegalArgumentException("Classification conflict detected in rule: " + rule.getName() + ".\nCause: "
414 + result.getErrorMessage());
416 matchBuildersToResolve = new ArrayList<>(result.getMatchBuilders());
418 flowMatchBuilders.addAll(matchBuildersToResolve);
420 FlowBuilder flow = base().setPriority(Integer.valueOf(priority));
421 for (MatchBuilder match : flowMatchBuilders) {
422 Match m = match.build();
423 FlowId flowId = new FlowId(baseId + "|" + m.toString());
426 .setPriority(Integer.valueOf(priority))
427 .setInstructions(instructions(applyActionIns(actionBuilderList)));
428 flowMap.writeFlow(netElements.getNodeId(), TABLE_ID, flow.build());
432 private String createBaseFlowId(Direction direction, CgPair cgPair, int priority) {
433 StringBuilder idb = new StringBuilder();
434 if (direction.equals(Direction.In)) {
435 idb.append(cgPair.sepg)
437 .append(cgPair.scgId)
441 .append(cgPair.dcgId)
445 idb.append(cgPair.depg)
447 .append(cgPair.dcgId)
451 .append(cgPair.scgId)
455 return idb.toString();
458 private MatchBuilder createBaseMatch(Direction direction, CgPair cgPair, IpPrefix sIpPrefix, IpPrefix dIpPrefix) {
459 MatchBuilder baseMatch = new MatchBuilder();
460 if (direction.equals(Direction.In)) {
461 addNxRegMatch(baseMatch,
462 RegMatch.of(NxmNxReg0.class, Long.valueOf(cgPair.sepg)),
463 RegMatch.of(NxmNxReg1.class, Long.valueOf(cgPair.scgId)),
464 RegMatch.of(NxmNxReg2.class, Long.valueOf(cgPair.depg)),
465 RegMatch.of(NxmNxReg3.class, Long.valueOf(cgPair.dcgId)));
466 if (sIpPrefix != null) {
467 baseMatch.setLayer3Match(createLayer3Match(sIpPrefix, true));
469 if (dIpPrefix != null) {
470 baseMatch.setLayer3Match(createLayer3Match(dIpPrefix, true));
473 addNxRegMatch(baseMatch,
474 RegMatch.of(NxmNxReg0.class, Long.valueOf(cgPair.depg)),
475 RegMatch.of(NxmNxReg1.class, Long.valueOf(cgPair.dcgId)),
476 RegMatch.of(NxmNxReg2.class, Long.valueOf(cgPair.sepg)),
477 RegMatch.of(NxmNxReg3.class, Long.valueOf(cgPair.scgId)));
478 if (sIpPrefix != null) {
479 baseMatch.setLayer3Match(createLayer3Match(sIpPrefix, false));
481 if (dIpPrefix != null) {
482 baseMatch.setLayer3Match(createLayer3Match(dIpPrefix, false));
488 private Layer3Match createLayer3Match(IpPrefix ipPrefix, boolean isSrc) {
489 if (ipPrefix.getIpv4Prefix() != null) {
491 return new Ipv4MatchBuilder().setIpv4Source(ipPrefix.getIpv4Prefix()).build();
493 return new Ipv4MatchBuilder().setIpv4Destination(ipPrefix.getIpv4Prefix()).build();
497 return new Ipv6MatchBuilder().setIpv6Source(ipPrefix.getIpv6Prefix()).build();
499 return new Ipv6MatchBuilder().setIpv6Destination(ipPrefix.getIpv6Prefix()).build();
504 // TODO: move to a common utils for all renderers
505 public List<Cell<EndpointConstraint, EndpointConstraint, List<RuleGroup>>>
506 getActiveRulesBetweenEps(Policy policy, Endpoint consEp, Endpoint provEp) {
507 List<Cell<EndpointConstraint, EndpointConstraint, List<RuleGroup>>> rulesWithEpConstraints = new ArrayList<>();
508 if (policy.getRuleMap() != null) {
509 for (Cell<EndpointConstraint, EndpointConstraint, List<RuleGroup>> cell : policy.getRuleMap().cellSet()) {
510 EndpointConstraint consEpConstraint = cell.getRowKey();
511 EndpointConstraint provEpConstraint = cell.getColumnKey();
512 if (epMatchesConstraint(consEp, consEpConstraint) && epMatchesConstraint(provEp, provEpConstraint)) {
513 rulesWithEpConstraints.add(cell);
517 return rulesWithEpConstraints;
520 private boolean epMatchesConstraint(Endpoint ep, EndpointConstraint constraint) {
521 List<ConditionName> epConditions = Collections.emptyList();
522 if (ep.getCondition() != null) {
523 epConditions = ep.getCondition();
525 return constraint.getConditionSet().matches(epConditions);
529 private static class CgPair {
531 private final int sepg;
532 private final int depg;
533 private final int scgId;
534 private final int dcgId;
535 private final Set<IpPrefix> sIpPrefixes;
536 private final Set<IpPrefix> dIpPrefixes;
538 public CgPair(int sepg, int depg, int scgId, int dcgId, Set<IpPrefix> sIpPrefixes, Set<IpPrefix> dIpPrefixes) {
544 this.sIpPrefixes = sIpPrefixes;
545 this.dIpPrefixes = dIpPrefixes;
549 public int hashCode() {
550 final int prime = 31;
552 result = prime * result + ((dIpPrefixes == null) ? 0 : dIpPrefixes.hashCode());
553 result = prime * result + dcgId;
554 result = prime * result + depg;
555 result = prime * result + ((sIpPrefixes == null) ? 0 : sIpPrefixes.hashCode());
556 result = prime * result + scgId;
557 result = prime * result + sepg;
562 public boolean equals(Object obj) {
567 if (getClass() != obj.getClass())
569 CgPair other = (CgPair) obj;
570 if (dIpPrefixes == null) {
571 if (other.dIpPrefixes != null)
573 } else if (!dIpPrefixes.equals(other.dIpPrefixes))
575 if (dcgId != other.dcgId)
577 if (sIpPrefixes == null) {
578 if (other.sIpPrefixes != null)
580 } else if (!sIpPrefixes.equals(other.sIpPrefixes))
582 if (depg != other.depg)
584 if (scgId != other.scgId)
586 if (sepg != other.sepg)
592 public class NetworkElements {
596 EndpointFwdCtxOrdinals srcOrds;
597 EndpointFwdCtxOrdinals dstOrds;
599 public NetworkElements(Endpoint src, Endpoint dst, NodeId nodeId, OfContext ctx, PolicyInfo policyInfo) throws Exception {
602 this.nodeId = nodeId;
603 this.srcOrds=OrdinalFactory.getEndpointFwdCtxOrdinals(ctx, policyInfo, src);
604 this.dstOrds=OrdinalFactory.getEndpointFwdCtxOrdinals(ctx, policyInfo, dst);
609 public EndpointFwdCtxOrdinals getSrcOrds() {
615 public EndpointFwdCtxOrdinals getDstOrds() {
620 public Endpoint getSrc() {
625 public Endpoint getDst() {
630 public NodeId getNodeId() {
Code Review / groupbasedpolicy.git / blob