Code Review / netvirt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Bug 7725: AAP with prefix 0.0.0.0/0 not supported in ACL
[netvirt.git] / vpnservice / aclservice / impl / src / main / java / org / opendaylight / netvirt / aclservice / StatefulIngressAclServiceImpl.java
diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatefulIngressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatefulIngressAclServiceImpl.java
index 5cc947940b3d62e5a4d195fda316427879b0cc92..275aeb9addc2c75495efbce0a299f33d9397b417 100644 (file)
--- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatefulIngressAclServiceImpl.java
+++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatefulIngressAclServiceImpl.java
@@ -11,7 +11,6 @@ import java.math.BigInteger;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
 import org.opendaylight.genius.mdsalutil.ActionInfo;
 import org.opendaylight.genius.mdsalutil.InstructionInfo;
@@ -80,25 +79,40 @@ public class StatefulIngressAclServiceImpl extends AbstractIngressAclServiceImpl
     }
 
     @Override
-    protected String syncSpecificAclFlow(BigInteger dpId, int lportTag, int addOrRemove, String aclName, Ace ace,
-            String portId, Map<String, List<MatchInfoBase>> flowMap, String flowName) {
-        List<MatchInfoBase> flows = flowMap.get(flowName);
+    protected String syncSpecificAclFlow(BigInteger dpId, int lportTag, int addOrRemove, Ace ace, String portId,
+            Map<String, List<MatchInfoBase>> flowMap, String flowName) {
+        List<MatchInfoBase> matches = flowMap.get(flowName);
         flowName += "Ingress" + lportTag + ace.getKey().getRuleName();
-        flows.add(AclServiceUtils.buildLPortTagMatch(lportTag));
-        flows.add(new NxMatchInfo(NxMatchFieldType.ct_state,
+        matches.add(AclServiceUtils.buildLPortTagMatch(lportTag));
+        matches.add(new NxMatchInfo(NxMatchFieldType.ct_state,
                 new long[] {AclConstants.TRACKED_NEW_CT_STATE, AclConstants.TRACKED_NEW_CT_STATE_MASK}));
 
         Long elanTag = AclServiceUtils.getElanIdFromInterface(portId, dataBroker);
         List<ActionInfo> actionsInfos = new ArrayList<>();
         actionsInfos.add(new ActionNxConntrack(2, 1, 0, elanTag.intValue(), (short) 255));
         List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions(actionsInfos);
-        int priority = this.aclDataUtil.getAclFlowPriority(aclName);
+
+        // For flows related remote ACL, unique flow priority is used for
+        // each flow to avoid overlapping flows
+        int priority = getIngressSpecificAclFlowPriority(dpId, addOrRemove, flowName);
 
         syncFlow(dpId, NwConstants.EGRESS_ACL_FILTER_TABLE, flowName, priority, "ACL", 0, 0,
-                AclConstants.COOKIE_ACL_BASE, flows, instructions, addOrRemove);
+                AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
         return flowName;
     }
 
+    private int getIngressSpecificAclFlowPriority(BigInteger dpId, int addOrRemove, String flowName) {
+        int priority;
+        if (addOrRemove == NwConstants.DEL_FLOW) {
+            priority = aclServiceUtils.releaseAndRemoveFlowPriorityFromCache(dpId, NwConstants.EGRESS_ACL_FILTER_TABLE,
+                    flowName);
+        } else {
+            priority = aclServiceUtils.allocateAndSaveFlowPriorityInCache(dpId, NwConstants.EGRESS_ACL_FILTER_TABLE,
+                    flowName);
+        }
+        return priority;
+    }
+
     /**
      * Adds the rule to send the packet to the netfilter to check whether it is
      * a known packet.
NetVirt - Archived