import java.util.ArrayList;
import java.util.List;
import java.util.Map;
+
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.genius.mdsalutil.ActionInfo;
import org.opendaylight.genius.mdsalutil.InstructionInfo;
-import org.opendaylight.genius.mdsalutil.MatchFieldType;
-import org.opendaylight.genius.mdsalutil.MatchInfo;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
import org.opendaylight.genius.mdsalutil.NwConstants;
import org.opendaylight.genius.mdsalutil.NxMatchFieldType;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
+import org.opendaylight.genius.mdsalutil.matches.MatchTcpFlags;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action;
import org.opendaylight.netvirt.aclservice.utils.AclConstants;
+import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
import org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder;
import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
* Note: Table names used are w.r.t switch. Hence, switch ingress is VM egress
* and vice versa.
*/
-public class StatelessEgressAclServiceImpl extends EgressAclServiceImpl {
+public class StatelessEgressAclServiceImpl extends AbstractEgressAclServiceImpl {
private static final Logger LOG = LoggerFactory.getLogger(StatelessEgressAclServiceImpl.class);
- public StatelessEgressAclServiceImpl(DataBroker dataBroker,
- IMdsalApiManager mdsalManager) {
- super(dataBroker, mdsalManager);
+ public StatelessEgressAclServiceImpl(DataBroker dataBroker, IMdsalApiManager mdsalManager, AclDataUtil aclDataUtil,
+ AclServiceUtils aclServiceUtils) {
+ super(dataBroker, mdsalManager, aclDataUtil, aclServiceUtils);
}
@Override
- protected void programFixedRules(BigInteger dpid, String dhcpMacAddress, List<AllowedAddressPairs> allowedAddresses,
- int lportTag, Action action, int addOrRemove) {
+ protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress,
+ List<AllowedAddressPairs> allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) {
}
@Override
- protected void programAceRule(BigInteger dpId, int lportTag, int addOrRemove, Ace ace, String portId,
- List<AllowedAddressPairs> syncAllowedAddresses) {
+ protected String syncSpecificAclFlow(BigInteger dpId, int lportTag, int addOrRemove, int priority, Ace ace,
+ String portId, Map<String, List<MatchInfoBase>> flowMap, String flowName) {
+ // Not in use here. programAceRule function is overridden.
+ return null;
+ }
+
+ @Override
+ protected void programAceRule(BigInteger dpId, int lportTag, int addOrRemove, String aclName, Ace ace,
+ String portId, List<AllowedAddressPairs> syncAllowedAddresses) {
SecurityRuleAttr aceAttr = AclServiceUtils.getAccesssListAttributes(ace);
if (!aceAttr.getDirection().equals(DirectionEgress.class)) {
return;
for (Map.Entry<String, List<MatchInfoBase>> flow : flowMap.entrySet()) {
String flowName = flow.getKey();
List<MatchInfoBase> flowMatches = flow.getValue();
- boolean hasTcpDstMatch = AclServiceUtils.containsMatchFieldType(flowMatches,
- NxMatchFieldType.nx_tcp_dst_with_mask);
- if (hasTcpDstMatch || protocol == null) {
+ boolean hasTcpMatch = AclServiceUtils.containsMatchFieldType(flowMatches,
+ NxMatchFieldType.nx_tcp_dst_with_mask) || AclServiceUtils.containsMatchFieldType(flowMatches,
+ NxMatchFieldType.nx_tcp_src_with_mask);
+ if (hasTcpMatch || protocol == null) {
flowName += "Egress" + lportTag + ace.getKey().getRuleName();
flowMatches.add(AclServiceUtils.buildLPortTagMatch(lportTag));
- programAllowSynRules(dpId, flowName, flowMatches, addOrRemove);
+ programAllowSynRules(dpId, flowName, flowMatches, addOrRemove, protocol);
}
}
}
private void programAllowSynRules(BigInteger dpId, String origFlowName,
- List<MatchInfoBase> origFlowMatches, int addFlow) {
+ List<MatchInfoBase> origFlowMatches, int addFlow, Short protocol) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
flowMatches.addAll(origFlowMatches);
- flowMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN }));
+ if (new Short((short) NwConstants.IP_PROT_TCP).equals(protocol)) {
+ flowMatches.add(MatchTcpFlags.SYN);
+ }
List<ActionInfo> actionsInfos = new ArrayList<>();
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions(actionsInfos);