vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclConstants.java

   1 /*
   2  * Copyright (c) 2016, 2017 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.netvirt.aclservice.utils;
  10
  11 import java.math.BigInteger;
  12 import java.util.ArrayList;
  13 import java.util.List;
  14
  15 /**
  16  * The class to have ACL related constants.
  17  */
  18 public final class AclConstants {
  19
  20     public static final short INGRESS_ACL_DEFAULT_FLOW_PRIORITY = 1;
  21     public static final short EGRESS_ACL_DEFAULT_FLOW_PRIORITY = 11;
  22
  23     public static final Integer PROTO_IPV6_DROP_PRIORITY = 63020;
  24     public static final Integer PROTO_IPV6_ALLOWED_PRIORITY = 63010;
  25     public static final Integer PROTO_DHCP_SERVER_MATCH_PRIORITY = 63010;
  26     public static final Integer PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY = 63010;
  27     public static final Integer PROTO_ARP_TRAFFIC_MATCH_PRIORITY = 63010;
  28     public static final Integer PROTO_MATCH_PRIORITY = 61010;
  29     public static final Integer PREFIX_MATCH_PRIORITY = 61009;
  30     public static final Integer PROTO_PREFIX_MATCH_PRIORITY = 61008;
  31     public static final Integer PROTO_PORT_MATCH_PRIORITY = 61007;
  32     public static final Integer PROTO_PORT_PREFIX_MATCH_PRIORITY = 61007;
  33     public static final Integer PROTO_MATCH_SYN_ALLOW_PRIORITY = 61005;
  34     public static final Integer PROTO_MATCH_SYN_ACK_ALLOW_PRIORITY = 61004;
  35     public static final Integer PROTO_MATCH_SYN_DROP_PRIORITY = 61003;
  36     public static final Integer PROTO_VM_IP_MAC_MATCH_PRIORITY = 36001;
  37     public static final Integer CT_STATE_UNTRACKED_PRIORITY = 62030;
  38     public static final Integer CT_STATE_TRACKED_EXIST_PRIORITY = 62020;
  39     public static final Integer CT_STATE_TRACKED_INVALID_PRIORITY = 62015;
  40     public static final Integer CT_STATE_TRACKED_NEW_PRIORITY = 62010;
  41     public static final Integer CT_STATE_TRACKED_NEW_DROP_PRIORITY = 50;
  42     public static final Integer NO_PRIORITY = 50;
  43
  44     public static final short DHCP_CLIENT_PORT_IPV4 = 68;
  45     public static final short DHCP_SERVER_PORT_IPV4 = 67;
  46     public static final short DHCP_CLIENT_PORT_IPV6 = 546;
  47     public static final short DHCP_SERVER_PORT_IPV6 = 547;
  48
  49     public static final BigInteger COOKIE_ACL_BASE = new BigInteger("6900000", 16);
  50     public static final BigInteger COOKIE_ACL_DROP_FLOW = new BigInteger("6900001", 16);
  51
  52     public static final int TRACKED_EST_CT_STATE = 0x22;
  53     public static final int TRACKED_REL_CT_STATE = 0x24;
  54     public static final int TRACKED_NEW_CT_STATE = 0x21;
  55     public static final int TRACKED_INV_CT_STATE = 0x30;
  56
  57     public static final int TRACKED_EST_CT_STATE_MASK = 0x37;
  58     public static final int TRACKED_REL_CT_STATE_MASK = 0x37;
  59     public static final int TRACKED_NEW_CT_STATE_MASK = 0x21;
  60     public static final int TRACKED_INV_CT_STATE_MASK = 0x30;
  61
  62     public static final String IPV4_ALL_NETWORK = "0.0.0.0/0";
  63     public static final String IPV6_ALL_NETWORK = "::/0";
  64     public static final long TCP_FLAG_SYN = 1 << 1;
  65     public static final long TCP_FLAG_ACK = 1 << 4;
  66     public static final long TCP_FLAG_SYN_ACK = TCP_FLAG_SYN + TCP_FLAG_ACK;
  67     public static final int ALL_LAYER4_PORT = 65535;
  68     public static final int ALL_LAYER4_PORT_MASK = 0x0000;
  69
  70     public static final Short IP_PROT_ICMPV6 = 58;
  71     public static final int ICMPV6_TYPE_MLD_QUERY = 130;
  72     public static final int ICMPV6_TYPE_RS = 133;
  73     public static final int ICMPV6_TYPE_RA = 134;
  74     public static final int ICMPV6_TYPE_NS = 135;
  75     public static final int ICMPV6_TYPE_NA = 136;
  76     public static final int ICMPV6_TYPE_MLD2_REPORT = 143;
  77
  78     public static final BigInteger METADATA_MASK_LEARN_FLAG = new BigInteger("FFFFFFFFFFFFFFFE", 16);
  79
  80     public static final String SECURITY_GROUP_TCP_IDLE_TO_KEY = "security-group-tcp-idle-timeout";
  81     public static final String SECURITY_GROUP_TCP_HARD_TO_KEY = "security-group-tcp-hard-timeout";
  82     public static final String SECURITY_GROUP_TCP_FIN_IDLE_TO_KEY = "security-group-tcp-fin-idle-timeout";
  83     public static final String SECURITY_GROUP_TCP_FIN_HARD_TO_KEY = "security-group-tcp-fin-hard-timeout";
  84     public static final String SECURITY_GROUP_UDP_IDLE_TO_KEY = "security-group-udp-idle-timeout";
  85     public static final String SECURITY_GROUP_UDP_HARD_TO_KEY = "security-group-udp-hard-timeout";
  86
  87     public static final int LEARN_MATCH_REG_VALUE = 1;
  88     public static final int LEARN_DELETE_LEARNED_FLAG_VALUE = 2;
  89
  90     public static final String ACL_FLOW_PRIORITY_POOL_NAME = "acl.flow.priorities.pool";
  91     public static final long ACL_FLOW_PRIORITY_LOW_POOL_START = 1000L;
  92     public static final long ACL_FLOW_PRIORITY_LOW_POOL_END = 30000L;
  93     public static final long ACL_FLOW_PRIORITY_HIGH_POOL_START = 30001L;
  94     public static final long ACL_FLOW_PRIORITY_HIGH_POOL_END = 60000L;
  95     public static final long ACL_ID_METADATA_POOL_START = 1L;
  96     public static final long ACL_ID_METADATA_POOL_END = 10000L;
  97
  98     public static final int SOURCE_LOWER_PORT_UNSPECIFIED = -1;
  99     public static final int SOURCE_UPPER_PORT_UNSPECIFIED = -1;
 100     public static final int DEST_LOWER_PORT_UNSPECIFIED = -1;
 101     public static final int DEST_UPPER_PORT_UNSPECIFIED = -1;
 102     public static final int DEST_LOWER_PORT_HTTP = 80;
 103     public static final int DEST_LOWER_PORT_2 = 2;
 104     public static final int DEST_UPPER_PORT_3 = 3;
 105     public static final int DEST_UPPER_PORT_HTTP = 80;
 106     public static final int SOURCE_REMOTE_IP_PREFIX_SPECIFIED = 1;
 107     public static final int SOURCE_REMOTE_IP_PREFIX_UNSPECIFIED = -1;
 108     public static final int DEST_REMOTE_IP_PREFIX_SPECIFIED = 1;
 109     public static final int DEST_REMOTE_IP_PREFIX_UNSPECIFIED = -1;
 110     public static final int INVALID_ACL_ID = -1;
 111     public static final short EGRESS_ACL_DUMMY_TABLE = 239;
 112     public static final int TRACKED_CT_STATE = 0x20;
 113     public static final int TRACKED_CT_STATE_MASK = 0x20;
 114
 115     public static final String ACL_ID_POOL_NAME = "ACL-ID-POOL";
 116
 117     enum PacketHandlingType {
 118         PERMIT,
 119         DENY
 120     }
 121
 122     private AclConstants() {
 123     }
 124
 125     public static List<Integer> allowedIcmpv6NdList() {
 126         List<Integer> icmpv6NdList = new ArrayList<>();
 127         icmpv6NdList.add(ICMPV6_TYPE_RS);
 128         icmpv6NdList.add(ICMPV6_TYPE_NS);
 129         icmpv6NdList.add(ICMPV6_TYPE_NA);
 130         return icmpv6NdList;
 131     }
 132 }