}
}
- public void egressACLDefaultTcpDrop(Long dpidLong, String segmentationId, String attachedMac,
- int priority, boolean write) {
- NodeBuilder nodeBuilder = FlowUtils.createNodeBuilder(dpidLong);
- FlowBuilder flowBuilder = new FlowBuilder();
- String flowName = "TCP_Syn_Egress_Default_Drop_" + segmentationId + "_" + attachedMac;
- FlowUtils.initFlowBuilder(flowBuilder, flowName, getTable()).setPriority(priority);
-
- MatchBuilder matchBuilder = new MatchBuilder();
- MatchUtils.createSmacTcpPortWithFlagMatch(matchBuilder, attachedMac, Constants.TCP_SYN, segmentationId);
- flowBuilder.setMatch(matchBuilder.build());
-
- if (write) {
- InstructionBuilder ib = new InstructionBuilder();
- InstructionsBuilder isb = new InstructionsBuilder();
- List<Instruction> instructions = Lists.newArrayList();
-
- InstructionUtils.createDropInstructions(ib);
- ib.setOrder(0);
- ib.setKey(new InstructionKey(0));
- instructions.add(ib.build());
- isb.setInstruction(instructions);
-
- flowBuilder.setInstructions(isb.build());
- writeFlow(flowBuilder, nodeBuilder);
- } else {
- removeFlow(flowBuilder, nodeBuilder);
- }
- }
-
- public void egressACLTcpPortWithPrefix(Long dpidLong, String segmentationId, String attachedMac, boolean write,
- Integer securityRulePortMin, String securityRuleIpPrefix,
- Integer priority) {
- PortNumber tcpPort = new PortNumber(securityRulePortMin);
- Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
-
- NodeBuilder nodeBuilder = FlowUtils.createNodeBuilder(dpidLong);
- FlowBuilder flowBuilder = new FlowBuilder();
- String flowName = "UcastEgress_" + segmentationId + "_" + attachedMac
- + securityRulePortMin + securityRuleIpPrefix;
- FlowUtils.initFlowBuilder(flowBuilder, flowName, getTable()).setPriority(priority);
-
- MatchBuilder matchBuilder = new MatchBuilder();
- MatchUtils.createSmacTcpSynDstIpPrefixTcpPort(matchBuilder, new MacAddress(attachedMac),
- tcpPort, Constants.TCP_SYN, segmentationId, srcIpPrefix);
- flowBuilder.setMatch(matchBuilder.build());
-
- if (write) {
- InstructionsBuilder isb = new InstructionsBuilder();
- List<Instruction> instructionsList = Lists.newArrayList();
-
- InstructionBuilder ib = this.getMutablePipelineInstructionBuilder();
- ib.setOrder(0);
- ib.setKey(new InstructionKey(0));
- instructionsList.add(ib.build());
- isb.setInstruction(instructionsList);
-
- flowBuilder.setInstructions(isb.build());
- writeFlow(flowBuilder, nodeBuilder);
- } else {
- removeFlow(flowBuilder, nodeBuilder);
- }
- }
-
- public void egressAllowProto(Long dpidLong, String segmentationId, String attachedMac, boolean write,
- String securityRuleProtcol, Integer priority) {
- NodeBuilder nodeBuilder = FlowUtils.createNodeBuilder(dpidLong);
- FlowBuilder flowBuilder = new FlowBuilder();
- String flowName = "EgressAllProto_" + segmentationId + "_"
- + attachedMac + "_AllowEgressTCPSyn_" + securityRuleProtcol;
- FlowUtils.initFlowBuilder(flowBuilder, flowName, getTable()).setPriority(priority);
-
- MatchBuilder matchBuilder = new MatchBuilder();
- MatchUtils.createDmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null);
- MatchUtils.createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId));
- flowBuilder.setMatch(matchBuilder.build());
-
- if (write) {
- InstructionsBuilder isb = new InstructionsBuilder();
- List<Instruction> instructionsList = Lists.newArrayList();
-
- InstructionBuilder ib = this.getMutablePipelineInstructionBuilder();
- ib.setOrder(0);
- ib.setKey(new InstructionKey(0));
- instructionsList.add(ib.build());
- isb.setInstruction(instructionsList);
-
- flowBuilder.setInstructions(isb.build());
- writeFlow(flowBuilder, nodeBuilder);
- } else {
- removeFlow(flowBuilder, nodeBuilder);
- }
- }
-
- public void egressACLPermitAllProto(Long dpidLong, String segmentationId, String attachedMac,
- boolean write, String securityRuleIpPrefix, Integer priority) {
- NodeBuilder nodeBuilder = FlowUtils.createNodeBuilder(dpidLong);
- FlowBuilder flowBuilder = new FlowBuilder();
- String flowName = "Egress_Proto_ACL" + segmentationId + "_" +
- attachedMac + "_Permit_" + securityRuleIpPrefix;
- FlowUtils.initFlowBuilder(flowBuilder, flowName, getTable()).setPriority(priority);
-
- MatchBuilder matchBuilder = new MatchBuilder();
- MatchUtils.createTunnelIDMatch(matchBuilder, new BigInteger(segmentationId));
- if (securityRuleIpPrefix != null) {
- Ipv4Prefix srcIpPrefix = new Ipv4Prefix(securityRuleIpPrefix);
- MatchUtils.createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, srcIpPrefix);
- } else {
- MatchUtils.createSmacIpTcpSynMatch(matchBuilder, new MacAddress(attachedMac), null, null);
- }
- flowBuilder.setMatch(matchBuilder.build());
-
- if (write) {
- InstructionsBuilder isb = new InstructionsBuilder();
- List<Instruction> instructionsList = Lists.newArrayList();
-
- InstructionBuilder ib = this.getMutablePipelineInstructionBuilder();
- ib.setOrder(0);
- ib.setKey(new InstructionKey(0));
- instructionsList.add(ib.build());
- isb.setInstruction(instructionsList);
-
- flowBuilder.setInstructions(isb.build());
- writeFlow(flowBuilder, nodeBuilder);
- } else {
- removeFlow(flowBuilder, nodeBuilder);
- }
- }
-
- public void egressACLTcpSyn(Long dpidLong, String segmentationId, String attachedMac, boolean write,
- Integer securityRulePortMin, Integer priority) {
- PortNumber tcpPort = new PortNumber(securityRulePortMin);
-
- NodeBuilder nodeBuilder = FlowUtils.createNodeBuilder(dpidLong);
- FlowBuilder flowBuilder = new FlowBuilder();
- String flowName = "Ucast_this.getTable()" + segmentationId + "_" + attachedMac + securityRulePortMin;
- FlowUtils.initFlowBuilder(flowBuilder, flowName, getTable()).setPriority(priority);
-
- MatchBuilder matchBuilder = new MatchBuilder();
- MatchUtils.createSmacTcpSyn(matchBuilder, attachedMac, tcpPort, Constants.TCP_SYN, segmentationId);
- flowBuilder.setMatch(matchBuilder.build());
-
- if (write) {
- // Instantiate the Builders for the OF Actions and Instructions
- InstructionsBuilder isb = new InstructionsBuilder();
- List<Instruction> instructionsList = Lists.newArrayList();
-
- InstructionBuilder ib = this.getMutablePipelineInstructionBuilder();
- ib.setOrder(0);
- ib.setKey(new InstructionKey(0));
- instructionsList.add(ib.build());
- isb.setInstruction(instructionsList);
-
- flowBuilder.setInstructions(isb.build());
- writeFlow(flowBuilder, nodeBuilder);
- } else {
- removeFlow(flowBuilder, nodeBuilder);
- }
- }
-
/**
* Adds flow to allow any DHCP client traffic.
*
Code Review / ovsdb.git / blobdiff