- boolean write, Integer priority) {
- MatchBuilder matchBuilder = new MatchBuilder();
- String flowId = "Egress_Other_" + segmentationId + "_" + srcMac + "_";
- matchBuilder = MatchUtils.createV4EtherMatchWithType(matchBuilder,srcMac,null,MatchUtils.ETHERTYPE_IPV4);
-
- short proto = 0;
- try {
- Integer protocol = new Integer(portSecurityRule.getSecurityRuleProtocol());
- proto = protocol.shortValue();
- flowId = flowId + proto;
- } catch (NumberFormatException e) {
- LOG.error("Protocol vlaue conversion failure", e);
- }
- matchBuilder = MatchUtils.createIpProtocolMatch(matchBuilder, proto);
-
- if (null != dstAddress) {
- flowId = flowId + dstAddress;
- matchBuilder = MatchUtils.addRemoteIpPrefix(matchBuilder, null,
- MatchUtils.iPv4PrefixFromIPv4Address(dstAddress));
-
- } else if (null != portSecurityRule.getSecurityRuleRemoteIpPrefix()) {
- flowId = flowId + portSecurityRule.getSecurityRuleRemoteIpPrefix();
- matchBuilder = MatchUtils.addRemoteIpPrefix(matchBuilder, null,
- new Ipv4Prefix(portSecurityRule.getSecurityRuleRemoteIpPrefix()));
+ boolean write, Integer priority, boolean isIpv6) {
+ if(null == portSecurityRule.getSecurityRuleProtocol() || portSecurityRule.getSecurityRuleProtocol().equals(MatchUtils.ANY_PROTOCOL)) {
+ egressAclIp(dpidLong, isIpv6, segmentationId, srcMac,
+ portSecurityRule, dstAddress,
+ write, Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY - 1, true);
+ if(!isIpv6) {
+ portSecurityRule.setSecurityRuleProtocol(MatchUtils.TCP);
+ portSecurityRule.setSecurityRulePortMin(PORT_RANGE_MIN);
+ portSecurityRule.setSecurityRulePortMax(PORT_RANGE_MAX);
+ egressAclTcp(dpidLong, segmentationId, srcMac,
+ portSecurityRule,dstAddress, write,
+ Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY, true);
+ portSecurityRule.setSecurityRuleProtocol(MatchUtils.UDP);
+ egressAclUdp(dpidLong, segmentationId, srcMac,
+ portSecurityRule, dstAddress, write,
+ Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY, true);
+ portSecurityRule.setSecurityRulePortMin(null);
+ portSecurityRule.setSecurityRulePortMax(null);
+ portSecurityRule.setSecurityRuleProtocol(MatchUtils.ICMP);
+ egressAclIcmp(dpidLong, segmentationId, srcMac,
+ portSecurityRule, dstAddress,write,
+ Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY, true);
+ portSecurityRule.setSecurityRuleProtocol(null);
+ }
+ } else {
+ switch (portSecurityRule.getSecurityRuleProtocol()) {
+ case MatchUtils.TCP_PROTOCOL:
+ portSecurityRule.setSecurityRulePortMin(PORT_RANGE_MIN);
+ portSecurityRule.setSecurityRulePortMax(PORT_RANGE_MAX);
+ egressAclTcp(dpidLong, segmentationId, srcMac,
+ portSecurityRule, dstAddress, write,
+ Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY, false);
+ break;
+ case MatchUtils.UDP_PROTOCOL:
+ portSecurityRule.setSecurityRulePortMin(PORT_RANGE_MIN);
+ portSecurityRule.setSecurityRulePortMax(PORT_RANGE_MAX);
+ egressAclUdp(dpidLong, segmentationId, srcMac,
+ portSecurityRule, dstAddress, write,
+ Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY, false);
+ break;
+ case MatchUtils.ICMP_PROTOCOL:
+ egressAclIcmp(dpidLong, segmentationId, srcMac,
+ portSecurityRule, dstAddress, write,
+ Constants.PROTO_PORT_PREFIX_MATCH_PRIORITY, false);
+ break;
+ default:
+ MatchBuilder matchBuilder = new MatchBuilder();
+ String flowId = "Egress_Other_" + segmentationId + "_" + srcMac + "_";
+ matchBuilder = MatchUtils.createV4EtherMatchWithType(matchBuilder, srcMac, null,
+ MatchUtils.ETHERTYPE_IPV4);
+ short proto = 0;
+ try {
+ Integer protocol = new Integer(portSecurityRule.getSecurityRuleProtocol());
+ proto = protocol.shortValue();
+ flowId = flowId + proto;
+ } catch (NumberFormatException e) {
+ LOG.error("Protocol vlaue conversion failure", e);
+ }
+ matchBuilder = MatchUtils.createIpProtocolAndEthMatch(matchBuilder, proto, srcMac, null);
+ if (null != dstAddress) {
+ flowId = flowId + dstAddress;
+ matchBuilder = MatchUtils.addRemoteIpPrefix(matchBuilder, null,
+ MatchUtils.iPv4PrefixFromIPv4Address(dstAddress));
+ } else if (null != portSecurityRule.getSecurityRuleRemoteIpPrefix()) {
+ flowId = flowId + portSecurityRule.getSecurityRuleRemoteIpPrefix();
+ if (isIpv6) {
+ matchBuilder = MatchUtils.addRemoteIpv6Prefix(matchBuilder, null,
+ new Ipv6Prefix(portSecurityRule.getSecurityRuleRemoteIpPrefix()));
+ } else {
+ if (!portSecurityRule.getSecurityRuleRemoteIpPrefix().contains("/0")) {
+ matchBuilder = MatchUtils.addRemoteIpPrefix(matchBuilder, null,
+ new Ipv4Prefix(portSecurityRule.getSecurityRuleRemoteIpPrefix()));
+ }
+ }
+ }
+ flowId = flowId + "_Permit";
+ NodeBuilder nodeBuilder = FlowUtils.createNodeBuilder(dpidLong);
+ FlowBuilder flowBuilder = FlowUtils.createFlowBuilder(flowId, priority, matchBuilder, getTable());
+ addInstructionWithConntrackCommit(flowBuilder, false);
+ syncFlow(flowBuilder, nodeBuilder, write);
+ break;
+ }