+ private void addLearnEgressAclTableMissFlow(BigInteger dpId) {
+ List<InstructionInfo> mkInstructions = new ArrayList<>();
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ actionsInfos.add(new ActionNxResubmit(NwConstants.EGRESS_LEARN_TABLE));
+ actionsInfos.add(new ActionNxResubmit(NwConstants.EGRESS_LEARN2_TABLE));
+ mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ List<MatchInfo> mkMatches = new ArrayList<>();
+ FlowEntity doubleResubmitTable = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
+ "RESUB-" + getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE),
+ AclConstants.PROTO_MATCH_PRIORITY, "Egress resubmit ACL Table Block", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+ mdsalManager.installFlow(doubleResubmitTable);
+
+ mkMatches = new ArrayList<>();
+ mkInstructions = new ArrayList<>();
+ actionsInfos = new ArrayList<>();
+ actionsInfos.add(new ActionDrop());
+ mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_LEARN2_TABLE,
+ "LEARN-" + getTableMissFlowId(NwConstants.EGRESS_LEARN2_TABLE), 0,
+ "Egress Learn2 ACL Table Miss Flow", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+ mdsalManager.installFlow(flowEntity);
+
+ List<NxMatchInfo> nxMkMatches = new ArrayList<>();
+ nxMkMatches.add(new NxMatchInfo(NxMatchFieldType.nxm_reg_5,
+ new long[] {Long.valueOf(AclConstants.LEARN_MATCH_REG_VALUE)}));
+
+ short dispatcherTableId = NwConstants.EGRESS_LPORT_DISPATCHER_TABLE;
+ List<InstructionInfo> instructions = new ArrayList<>();
+ actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+ instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_LEARN2_TABLE,
+ "LEARN2-REG-" + getTableMissFlowId(NwConstants.EGRESS_LEARN2_TABLE),
+ AclConstants.PROTO_MATCH_PRIORITY, "Egress Learn2 ACL Table match reg Flow", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, nxMkMatches, instructions);
+ mdsalManager.installFlow(flowEntity);
+ LOG.debug("Added learn ACL Table Miss Flows for dpn {}", dpId);
+ }
+
+ private void addLearnIngressAclTableMissFlow(BigInteger dpId) {
+ List<InstructionInfo> mkInstructions = new ArrayList<>();
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ actionsInfos.add(new ActionNxResubmit(NwConstants.INGRESS_LEARN_TABLE));
+ actionsInfos.add(new ActionNxResubmit(NwConstants.INGRESS_LEARN2_TABLE));
+ mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ List<MatchInfo> mkMatches = new ArrayList<>();
+ FlowEntity doubleResubmitTable = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
+ "RESUB-" + getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE),
+ AclConstants.PROTO_MATCH_PRIORITY, "Ingress resubmit ACL Table Block", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+ mdsalManager.installFlow(doubleResubmitTable);
+
+ mkMatches = new ArrayList<>();
+ mkInstructions = new ArrayList<>();
+ actionsInfos = new ArrayList<>();
+ actionsInfos.add(new ActionDrop());
+ mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_LEARN2_TABLE,
+ "LEARN-" + getTableMissFlowId(NwConstants.INGRESS_LEARN2_TABLE), 0,
+ "Ingress Learn2 ACL Table Miss Flow", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+ mdsalManager.installFlow(flowEntity);
+
+ List<NxMatchInfo> nxMkMatches = new ArrayList<>();
+ nxMkMatches.add(new NxMatchInfo(NxMatchFieldType.nxm_reg_5,
+ new long[] {Long.valueOf(AclConstants.LEARN_MATCH_REG_VALUE)}));
+
+ short dispatcherTableId = NwConstants.LPORT_DISPATCHER_TABLE;
+ List<InstructionInfo> instructions = new ArrayList<>();
+ actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+ instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_LEARN2_TABLE,
+ "LEARN2-REG-" + getTableMissFlowId(NwConstants.INGRESS_LEARN2_TABLE),
+ AclConstants.PROTO_MATCH_PRIORITY, "Egress Learn2 ACL Table match reg Flow", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, nxMkMatches, instructions);
+ mdsalManager.installFlow(flowEntity);
+ LOG.debug("Added learn ACL Table Miss Flows for dpn {}", dpId);
+
+ }
+
+ /**
+ * Adds the ingress acl table transparent flow.
+ *
+ * @param dpId the dp id
+ */
+ private void addTransparentIngressAclTableMissFlow(BigInteger dpId) {
+ List<MatchInfo> mkMatches = new ArrayList<>();
+ List<InstructionInfo> allowAllInstructions = new ArrayList<>();
+ allowAllInstructions.add(
+ new InstructionInfo(InstructionType.goto_table,
+ new long[] { NwConstants.INGRESS_ACL_FILTER_TABLE }));
+
+ FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
+ getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE), 0, "Ingress ACL Table allow all Flow",
+ 0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
+ mdsalManager.installFlow(nextTblFlowEntity);
+
+ short dispatcherTableId = NwConstants.LPORT_DISPATCHER_TABLE;
+
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ List<InstructionInfo> dispatcherInstructions = new ArrayList<>();
+ actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+ dispatcherInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_FILTER_TABLE,
+ getTableMissFlowId(NwConstants.INGRESS_ACL_FILTER_TABLE), 0, "Ingress ACL Filter Table allow all Flow",
+ 0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, dispatcherInstructions);
+ mdsalManager.installFlow(nextTblFlowEntity);
+
+ LOG.debug("Added Transparent Ingress ACL Table allow all Flows for dpn {}", dpId);
+ }
+
+ /**
+ * Adds the egress acl table transparent flow.
+ *
+ * @param dpId the dp id
+ */
+ private void addTransparentEgressAclTableMissFlow(BigInteger dpId) {
+ List<MatchInfo> mkMatches = new ArrayList<>();
+ List<InstructionInfo> allowAllInstructions = new ArrayList<>();
+ allowAllInstructions.add(
+ new InstructionInfo(InstructionType.goto_table,
+ new long[] { NwConstants.EGRESS_ACL_FILTER_TABLE }));
+
+ FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
+ getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE), 0, "Egress ACL Table allow all Flow",
+ 0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
+ mdsalManager.installFlow(nextTblFlowEntity);
+
+ short dispatcherTableId = NwConstants.EGRESS_LPORT_DISPATCHER_TABLE;
+
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ List<InstructionInfo> instructions = new ArrayList<>();
+ actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+ instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_FILTER_TABLE,
+ getTableMissFlowId(NwConstants.EGRESS_ACL_FILTER_TABLE), 0, "Egress ACL Filter Table allow all Flow",
+ 0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, instructions);
+ mdsalManager.installFlow(nextTblFlowEntity);
+
+ LOG.debug("Added Transparent Egress ACL Table allow all Flows for dpn {}", dpId);
+ }
+
+ /**
+ * Adds the ingress acl table miss flow.
+ *
+ * @param dpId the dp id
+ */
+ private void addStatelessIngressAclTableMissFlow(BigInteger dpId) {
+ List<MatchInfo> synMatches = new ArrayList<>();
+ synMatches.add(new MatchInfo(MatchFieldType.eth_type,
+ new long[] { NwConstants.ETHTYPE_IPV4 }));
+ synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
+ new long[] { IPProtocols.TCP.intValue() }));
+
+ synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN }));
+
+ List<ActionInfo> dropActionsInfos = new ArrayList<>();
+ dropActionsInfos.add(new ActionDrop());
+ List<InstructionInfo> synInstructions = new ArrayList<>();
+ synInstructions.add(new InstructionInfo(InstructionType.apply_actions, dropActionsInfos));
+
+ FlowEntity synFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
+ "SYN-" + getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE),
+ AclConstants.PROTO_MATCH_SYN_DROP_PRIORITY, "Ingress Syn ACL Table Block", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, synMatches, synInstructions);
+ mdsalManager.installFlow(synFlowEntity);
+
+ synMatches = new ArrayList<>();
+ synMatches.add(new MatchInfo(MatchFieldType.eth_type,
+ new long[] { NwConstants.ETHTYPE_IPV4 }));
+ synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
+ new long[] { IPProtocols.TCP.intValue() }));
+ synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN_ACK }));
+
+ List<InstructionInfo> allowAllInstructions = new ArrayList<>();
+ allowAllInstructions.add(
+ new InstructionInfo(InstructionType.goto_table,
+ new long[] { NwConstants.EGRESS_ACL_FILTER_TABLE }));
+
+ FlowEntity synAckFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
+ "SYN-ACK-ALLOW-" + getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE),
+ AclConstants.PROTO_MATCH_SYN_ACK_ALLOW_PRIORITY, "Ingress Syn Ack ACL Table Allow", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, synMatches, allowAllInstructions);
+ mdsalManager.installFlow(synAckFlowEntity);
+
+
+ List<MatchInfo> mkMatches = new ArrayList<>();
+ FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
+ getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE), 0, "Ingress Stateless ACL Table Miss Flow",
+ 0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
+ mdsalManager.installFlow(flowEntity);
+
+ short dispatcherTableId = NwConstants.EGRESS_LPORT_DISPATCHER_TABLE;
+
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ List<InstructionInfo> instructions = new ArrayList<>();
+ actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+ instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_FILTER_TABLE,
+ getTableMissFlowId(NwConstants.EGRESS_ACL_FILTER_TABLE), 0,
+ "Ingress Stateless Next ACL Table Miss Flow", 0, 0, AclConstants.COOKIE_ACL_BASE,
+ mkMatches, instructions);
+ mdsalManager.installFlow(nextTblFlowEntity);
+
+ LOG.debug("Added Stateless Ingress ACL Table Miss Flows for dpn {}.", dpId);
+ }
+
+ /**
+ * Adds the stateless egress acl table miss flow.
+ *
+ * @param dpId the dp id
+ */
+ private void addStatelessEgressAclTableMissFlow(BigInteger dpId) {
+ List<InstructionInfo> allowAllInstructions = new ArrayList<>();
+ allowAllInstructions.add(
+ new InstructionInfo(InstructionType.goto_table, new long[] { NwConstants.INGRESS_ACL_FILTER_TABLE }));
+
+ List<MatchInfo> synMatches = new ArrayList<>();
+ synMatches.add(new MatchInfo(MatchFieldType.eth_type,
+ new long[] { NwConstants.ETHTYPE_IPV4 }));
+ synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
+ new long[] { IPProtocols.TCP.intValue() }));
+ synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN }));
+
+ List<ActionInfo> synActionsInfos = new ArrayList<>();
+ synActionsInfos.add(new ActionDrop());
+ List<InstructionInfo> synInstructions = new ArrayList<>();
+ synInstructions.add(new InstructionInfo(InstructionType.apply_actions, synActionsInfos));
+
+ FlowEntity synFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
+ "SYN-" + getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE),
+ AclConstants.PROTO_MATCH_SYN_DROP_PRIORITY, "Egress Syn ACL Table Block", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, synMatches, synInstructions);
+ mdsalManager.installFlow(synFlowEntity);
+
+ synMatches = new ArrayList<>();
+ synMatches.add(new MatchInfo(MatchFieldType.eth_type,
+ new long[] { NwConstants.ETHTYPE_IPV4 }));
+ synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
+ new long[] { IPProtocols.TCP.intValue() }));
+ synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN_ACK }));
+
+ FlowEntity synAckFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
+ "SYN-ACK-ALLOW-" + getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE),
+ AclConstants.PROTO_MATCH_SYN_ACK_ALLOW_PRIORITY, "Egress Syn Ack ACL Table Allow", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, synMatches, allowAllInstructions);
+ mdsalManager.installFlow(synAckFlowEntity);
+
+ List<MatchInfo> mkMatches = new ArrayList<>();
+ FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
+ getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE), 0, "Egress Stateless ACL Table Miss Flow", 0, 0,
+ AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
+ mdsalManager.installFlow(flowEntity);
+
+ short dispatcherTableId = NwConstants.LPORT_DISPATCHER_TABLE;
+
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ List<InstructionInfo> dispatcherInstructions = new ArrayList<>();
+ actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+ dispatcherInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_FILTER_TABLE,
+ getTableMissFlowId(NwConstants.INGRESS_ACL_FILTER_TABLE), 0,
+ "Egress Stateless Next ACL Table Miss Flow", 0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches,
+ dispatcherInstructions);
+ mdsalManager.installFlow(nextTblFlowEntity);
+
+ LOG.debug("Added Stateless Egress ACL Table Miss Flows for dpn {}", dpId);
+ }
+