Action redesign: use the new ActionInfo Genius classes

[netvirt.git] / vpnservice / aclservice / impl / src / main / java / org / opendaylight / netvirt / aclservice / listeners / AclNodeListener.java
diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/listeners/AclNodeListener.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/listeners/AclNodeListener.java

index 0c9bddb1b02db57f1e371f1f0618d9e1e2bfbea6..10318917ec5345165ff49bdf0260403530e0eceb 100644 (file)
--- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/listeners/AclNodeListener.java
+++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/listeners/AclNodeListener.java
@@ -8,19 +8,19 @@
  
  package org.opendaylight.netvirt.aclservice.listeners;
  
-import com.google.common.base.Optional;
  import java.math.BigInteger;
  import java.util.ArrayList;
  import java.util.List;
+import javax.annotation.PostConstruct;
+import javax.inject.Inject;
+import javax.inject.Singleton;
  import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
  import org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase;
  import org.opendaylight.genius.mdsalutil.ActionInfo;
-import org.opendaylight.genius.mdsalutil.ActionType;
  import org.opendaylight.genius.mdsalutil.FlowEntity;
  import org.opendaylight.genius.mdsalutil.InstructionInfo;
  import org.opendaylight.genius.mdsalutil.InstructionType;
-import org.opendaylight.genius.mdsalutil.MDSALDataStoreUtils;
  import org.opendaylight.genius.mdsalutil.MDSALUtil;
  import org.opendaylight.genius.mdsalutil.MatchFieldType;
  import org.opendaylight.genius.mdsalutil.MatchInfo;
@@ -28,14 +28,17 @@ import org.opendaylight.genius.mdsalutil.MatchInfoBase;
  import org.opendaylight.genius.mdsalutil.NwConstants;
  import org.opendaylight.genius.mdsalutil.NxMatchFieldType;
  import org.opendaylight.genius.mdsalutil.NxMatchInfo;
+import org.opendaylight.genius.mdsalutil.actions.ActionDrop;
+import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
  import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
+import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
  import org.opendaylight.netvirt.aclservice.utils.AclConstants;
  import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowCapableNode;
  import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.Nodes;
  import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
  import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig.SecurityGroupMode;
  import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig.SecurityGroupMode;
  import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
@@ -43,98 +46,58 @@ import org.slf4j.LoggerFactory;
  /**
   * Listener to handle flow capable node updates.
   */
+@Singleton
  @SuppressWarnings("deprecation")
  public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapableNode, AclNodeListener>
          implements AutoCloseable {
  
-    /** The Constant LOG. */
      private static final Logger LOG = LoggerFactory.getLogger(AclNodeListener.class);
  
-    /** The mdsal manager. */
      private final IMdsalApiManager mdsalManager;
-
-    /** The data broker. */
+    private final AclserviceConfig config;
      private final DataBroker dataBroker;
  
      private SecurityGroupMode securityGroupMode = null;
  
-    /**
-     * Instantiates a new acl node listener.
-     *
-     * @param mdsalManager the mdsal manager
-     */
-    public AclNodeListener(final IMdsalApiManager mdsalManager, DataBroker dataBroker) {
+    @Inject
+    public AclNodeListener(final IMdsalApiManager mdsalManager, DataBroker dataBroker, AclserviceConfig config) {
          super(FlowCapableNode.class, AclNodeListener.class);
  
          this.mdsalManager = mdsalManager;
          this.dataBroker = dataBroker;
+        this.config = config;
      }
  
-    public void start() {
+    @Override
+    @PostConstruct
+    public void init() {
          LOG.info("{} start", getClass().getSimpleName());
-        Optional<AclserviceConfig> aclConfig = MDSALDataStoreUtils.read(dataBroker,
-                LogicalDatastoreType.CONFIGURATION, InstanceIdentifier
-                .create(AclserviceConfig.class));
-        if (aclConfig.isPresent()) {
-            this.securityGroupMode = aclConfig.get().getSecurityGroupMode();
+        if (config != null) {
+            this.securityGroupMode = config.getSecurityGroupMode();
          }
          registerListener(LogicalDatastoreType.OPERATIONAL, dataBroker);
+        LOG.info("AclserviceConfig: {}", this.config);
      }
  
-    /*
-     * (non-Javadoc)
-     *
-     * @see
-     * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
-     * getWildCardPath()
-     */
      @Override
      protected InstanceIdentifier<FlowCapableNode> getWildCardPath() {
          return InstanceIdentifier.create(Nodes.class).child(Node.class).augmentation(FlowCapableNode.class);
      }
  
-    /*
-     * (non-Javadoc)
-     *
-     * @see
-     * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
-     * remove(org.opendaylight.yangtools.yang.binding.InstanceIdentifier,
-     * org.opendaylight.yangtools.yang.binding.DataObject)
-     */
      @Override
      protected void remove(InstanceIdentifier<FlowCapableNode> key, FlowCapableNode dataObjectModification) {
          // do nothing
-
      }
  
-    /*
-     * (non-Javadoc)
-     *
-     * @see
-     * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
-     * update(org.opendaylight.yangtools.yang.binding.InstanceIdentifier,
-     * org.opendaylight.yangtools.yang.binding.DataObject,
-     * org.opendaylight.yangtools.yang.binding.DataObject)
-     */
      @Override
      protected void update(InstanceIdentifier<FlowCapableNode> key, FlowCapableNode dataObjectModificationBefore,
              FlowCapableNode dataObjectModificationAfter) {
          // do nothing
-
      }
  
-    /*
-     * (non-Javadoc)
-     *
-     * @see
-     * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
-     * add(org.opendaylight.yangtools.yang.binding.InstanceIdentifier,
-     * org.opendaylight.yangtools.yang.binding.DataObject)
-     */
      @Override
      protected void add(InstanceIdentifier<FlowCapableNode> key, FlowCapableNode dataObjectModification) {
          LOG.trace("FlowCapableNode Added: key: {}", key);
-
          NodeKey nodeKey = key.firstKeyOf(Node.class);
          BigInteger dpnId = MDSALUtil.getDpnIdFromNodeName(nodeKey.getId());
          createTableDefaultEntries(dpnId);
@@ -146,6 +109,8 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
       * @param dpnId the dpn id
       */
      private void createTableDefaultEntries(BigInteger dpnId) {
+        LOG.info("Adding default ACL entries for mode: "
+                + (securityGroupMode == null ? SecurityGroupMode.Stateful : securityGroupMode));
          if (securityGroupMode == null || securityGroupMode == SecurityGroupMode.Stateful) {
              addIngressAclTableMissFlow(dpnId);
              addEgressAclTableMissFlow(dpnId);
@@ -153,9 +118,15 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
                      NwConstants.ADD_FLOW);
              addConntrackRules(dpnId, NwConstants.EGRESS_LPORT_DISPATCHER_TABLE, NwConstants.EGRESS_ACL_FILTER_TABLE,
                      NwConstants.ADD_FLOW);
-        } else {
+        } else if (securityGroupMode == SecurityGroupMode.Transparent) {
+            addTransparentIngressAclTableMissFlow(dpnId);
+            addTransparentEgressAclTableMissFlow(dpnId);
+        } else if (securityGroupMode == SecurityGroupMode.Stateless) {
              addStatelessIngressAclTableMissFlow(dpnId);
              addStatelessEgressAclTableMissFlow(dpnId);
+        } else if (securityGroupMode == SecurityGroupMode.Learn) {
+            addLearnIngressAclTableMissFlow(dpnId);
+            addLearnEgressAclTableMissFlow(dpnId);
          }
      }
  
@@ -168,7 +139,7 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
          List<MatchInfo> mkMatches = new ArrayList<>();
          List<InstructionInfo> mkInstructions = new ArrayList<>();
          List<ActionInfo> actionsInfos = new ArrayList<>();
-        actionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {}));
+        actionsInfos.add(new ActionDrop());
          mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
  
          FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
@@ -184,18 +155,174 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
          LOG.debug("Added Ingress ACL Table Miss Flows for dpn {}", dpId);
      }
  
+    private void addLearnEgressAclTableMissFlow(BigInteger dpId) {
+        List<InstructionInfo> mkInstructions = new ArrayList<>();
+        List<ActionInfo> actionsInfos = new ArrayList<>();
+        actionsInfos.add(new ActionNxResubmit(NwConstants.EGRESS_LEARN_TABLE));
+        actionsInfos.add(new ActionNxResubmit(NwConstants.EGRESS_LEARN2_TABLE));
+        mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+        List<MatchInfo> mkMatches = new ArrayList<>();
+        FlowEntity doubleResubmitTable = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
+                "RESUB-" + getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE),
+                AclConstants.PROTO_MATCH_PRIORITY, "Egress resubmit ACL Table Block", 0, 0,
+                AclConstants.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+        mdsalManager.installFlow(doubleResubmitTable);
+
+        mkMatches = new ArrayList<>();
+        mkInstructions = new ArrayList<>();
+        actionsInfos = new ArrayList<>();
+        actionsInfos.add(new ActionDrop());
+        mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+        FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_LEARN2_TABLE,
+                "LEARN-" + getTableMissFlowId(NwConstants.EGRESS_LEARN2_TABLE), 0,
+                "Egress Learn2 ACL Table Miss Flow", 0, 0,
+                AclConstants.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+        mdsalManager.installFlow(flowEntity);
+
+        List<NxMatchInfo> nxMkMatches = new ArrayList<>();
+        nxMkMatches.add(new NxMatchInfo(NxMatchFieldType.nxm_reg_5,
+                new long[] {Long.valueOf(AclConstants.LEARN_MATCH_REG_VALUE)}));
+
+        short dispatcherTableId = NwConstants.EGRESS_LPORT_DISPATCHER_TABLE;
+        List<InstructionInfo> instructions = new ArrayList<>();
+        actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+        instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+        flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_LEARN2_TABLE,
+                "LEARN2-REG-" + getTableMissFlowId(NwConstants.EGRESS_LEARN2_TABLE),
+                AclConstants.PROTO_MATCH_PRIORITY, "Egress Learn2 ACL Table match reg Flow", 0, 0,
+                AclConstants.COOKIE_ACL_BASE, nxMkMatches, instructions);
+        mdsalManager.installFlow(flowEntity);
+        LOG.debug("Added learn ACL Table Miss Flows for dpn {}", dpId);
+    }
+
+    private void addLearnIngressAclTableMissFlow(BigInteger dpId) {
+        List<InstructionInfo> mkInstructions = new ArrayList<>();
+        List<ActionInfo> actionsInfos = new ArrayList<>();
+        actionsInfos.add(new ActionNxResubmit(NwConstants.INGRESS_LEARN_TABLE));
+        actionsInfos.add(new ActionNxResubmit(NwConstants.INGRESS_LEARN2_TABLE));
+        mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+        List<MatchInfo> mkMatches = new ArrayList<>();
+        FlowEntity doubleResubmitTable = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
+                "RESUB-" + getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE),
+                AclConstants.PROTO_MATCH_PRIORITY, "Ingress resubmit ACL Table Block", 0, 0,
+                AclConstants.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+        mdsalManager.installFlow(doubleResubmitTable);
+
+        mkMatches = new ArrayList<>();
+        mkInstructions = new ArrayList<>();
+        actionsInfos = new ArrayList<>();
+        actionsInfos.add(new ActionDrop());
+        mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+        FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_LEARN2_TABLE,
+                "LEARN-" + getTableMissFlowId(NwConstants.INGRESS_LEARN2_TABLE), 0,
+                "Ingress Learn2 ACL Table Miss Flow", 0, 0,
+                AclConstants.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+        mdsalManager.installFlow(flowEntity);
+
+        List<NxMatchInfo> nxMkMatches = new ArrayList<>();
+        nxMkMatches.add(new NxMatchInfo(NxMatchFieldType.nxm_reg_5,
+                new long[] {Long.valueOf(AclConstants.LEARN_MATCH_REG_VALUE)}));
+
+        short dispatcherTableId = NwConstants.LPORT_DISPATCHER_TABLE;
+        List<InstructionInfo> instructions = new ArrayList<>();
+        actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+        instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+        flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_LEARN2_TABLE,
+                "LEARN2-REG-" + getTableMissFlowId(NwConstants.INGRESS_LEARN2_TABLE),
+                AclConstants.PROTO_MATCH_PRIORITY, "Egress Learn2 ACL Table match reg Flow", 0, 0,
+                AclConstants.COOKIE_ACL_BASE, nxMkMatches, instructions);
+        mdsalManager.installFlow(flowEntity);
+        LOG.debug("Added learn ACL Table Miss Flows for dpn {}", dpId);
+
+    }
+
+    /**
+     * Adds the ingress acl table transparent flow.
+     *
+     * @param dpId the dp id
+     */
+    private void addTransparentIngressAclTableMissFlow(BigInteger dpId) {
+        List<MatchInfo> mkMatches = new ArrayList<>();
+        List<InstructionInfo> allowAllInstructions = new ArrayList<>();
+        allowAllInstructions.add(
+            new InstructionInfo(InstructionType.goto_table,
+                    new long[] { NwConstants.INGRESS_ACL_FILTER_TABLE }));
+
+        FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
+                getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE), 0, "Ingress ACL Table allow all Flow",
+                0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
+        mdsalManager.installFlow(nextTblFlowEntity);
+
+        short dispatcherTableId = NwConstants.LPORT_DISPATCHER_TABLE;
+
+        List<ActionInfo> actionsInfos = new ArrayList<>();
+        List<InstructionInfo> dispatcherInstructions = new ArrayList<>();
+        actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+        dispatcherInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+        nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_FILTER_TABLE,
+                getTableMissFlowId(NwConstants.INGRESS_ACL_FILTER_TABLE), 0, "Ingress ACL Filter Table allow all Flow",
+                0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, dispatcherInstructions);
+        mdsalManager.installFlow(nextTblFlowEntity);
+
+        LOG.debug("Added Transparent Ingress ACL Table allow all Flows for dpn {}", dpId);
+    }
+
+    /**
+     * Adds the egress acl table transparent flow.
+     *
+     * @param dpId the dp id
+     */
+    private void addTransparentEgressAclTableMissFlow(BigInteger dpId) {
+        List<MatchInfo> mkMatches = new ArrayList<>();
+        List<InstructionInfo> allowAllInstructions = new ArrayList<>();
+        allowAllInstructions.add(
+            new InstructionInfo(InstructionType.goto_table,
+                    new long[] { NwConstants.EGRESS_ACL_FILTER_TABLE }));
+
+        FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
+                getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE), 0, "Egress ACL Table allow all Flow",
+                0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
+        mdsalManager.installFlow(nextTblFlowEntity);
+
+        short dispatcherTableId =  NwConstants.EGRESS_LPORT_DISPATCHER_TABLE;
+
+        List<ActionInfo> actionsInfos = new ArrayList<>();
+        List<InstructionInfo> instructions = new ArrayList<>();
+        actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+        instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+        nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_FILTER_TABLE,
+                getTableMissFlowId(NwConstants.EGRESS_ACL_FILTER_TABLE), 0, "Egress ACL Filter Table allow all Flow",
+                0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, instructions);
+        mdsalManager.installFlow(nextTblFlowEntity);
+
+        LOG.debug("Added Transparent Egress ACL Table allow all Flows for dpn {}", dpId);
+    }
+
      /**
       * Adds the ingress acl table miss flow.
       *
       * @param dpId the dp id
       */
      private void addStatelessIngressAclTableMissFlow(BigInteger dpId) {
-        List<InstructionInfo> synInstructions = new ArrayList<>();
          List<MatchInfo> synMatches = new ArrayList<>();
+        synMatches.add(new MatchInfo(MatchFieldType.eth_type,
+                new long[] { NwConstants.ETHTYPE_IPV4 }));
+        synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
+                new long[] { IPProtocols.TCP.intValue() }));
+
          synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN }));
  
          List<ActionInfo> dropActionsInfos = new ArrayList<>();
-        dropActionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {}));
+        dropActionsInfos.add(new ActionDrop());
+        List<InstructionInfo> synInstructions = new ArrayList<>();
          synInstructions.add(new InstructionInfo(InstructionType.apply_actions, dropActionsInfos));
  
          FlowEntity synFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
@@ -205,6 +332,10 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
          mdsalManager.installFlow(synFlowEntity);
  
          synMatches = new ArrayList<>();
+        synMatches.add(new MatchInfo(MatchFieldType.eth_type,
+                new long[] { NwConstants.ETHTYPE_IPV4 }));
+        synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
+                new long[] { IPProtocols.TCP.intValue() }));
          synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN_ACK }));
  
          List<InstructionInfo> allowAllInstructions = new ArrayList<>();
@@ -225,13 +356,20 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
                  0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
          mdsalManager.installFlow(flowEntity);
  
+        short dispatcherTableId =  NwConstants.EGRESS_LPORT_DISPATCHER_TABLE;
+
+        List<ActionInfo> actionsInfos = new ArrayList<>();
+        List<InstructionInfo> instructions = new ArrayList<>();
+        actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+        instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
          FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_FILTER_TABLE,
                  getTableMissFlowId(NwConstants.EGRESS_ACL_FILTER_TABLE), 0,
                  "Ingress Stateless Next ACL Table Miss Flow", 0, 0, AclConstants.COOKIE_ACL_BASE,
-                mkMatches, allowAllInstructions);
+                mkMatches, instructions);
          mdsalManager.installFlow(nextTblFlowEntity);
  
-        LOG.debug("Added Stateless Ingress ACL Table Miss Flows for dpn {}", dpId);
+        LOG.debug("Added Stateless Ingress ACL Table Miss Flows for dpn {}.", dpId);
      }
  
      /**
@@ -244,12 +382,16 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
          allowAllInstructions.add(
                  new InstructionInfo(InstructionType.goto_table, new long[] { NwConstants.INGRESS_ACL_FILTER_TABLE }));
  
-        List<InstructionInfo> synInstructions = new ArrayList<>();
          List<MatchInfo> synMatches = new ArrayList<>();
+        synMatches.add(new MatchInfo(MatchFieldType.eth_type,
+                new long[] { NwConstants.ETHTYPE_IPV4 }));
+        synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
+                new long[] { IPProtocols.TCP.intValue() }));
          synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN }));
  
          List<ActionInfo> synActionsInfos = new ArrayList<>();
-        synActionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {}));
+        synActionsInfos.add(new ActionDrop());
+        List<InstructionInfo> synInstructions = new ArrayList<>();
          synInstructions.add(new InstructionInfo(InstructionType.apply_actions, synActionsInfos));
  
          FlowEntity synFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
@@ -259,6 +401,10 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
          mdsalManager.installFlow(synFlowEntity);
  
          synMatches = new ArrayList<>();
+        synMatches.add(new MatchInfo(MatchFieldType.eth_type,
+                new long[] { NwConstants.ETHTYPE_IPV4 }));
+        synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
+                new long[] { IPProtocols.TCP.intValue() }));
          synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN_ACK }));
  
          FlowEntity synAckFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
@@ -273,10 +419,17 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
                  AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
          mdsalManager.installFlow(flowEntity);
  
+        short dispatcherTableId = NwConstants.LPORT_DISPATCHER_TABLE;
+
+        List<ActionInfo> actionsInfos = new ArrayList<>();
+        List<InstructionInfo> dispatcherInstructions = new ArrayList<>();
+        actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
+        dispatcherInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
          FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_FILTER_TABLE,
                  getTableMissFlowId(NwConstants.INGRESS_ACL_FILTER_TABLE), 0,
                  "Egress Stateless Next ACL Table Miss Flow", 0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches,
-                allowAllInstructions);
+                dispatcherInstructions);
          mdsalManager.installFlow(nextTblFlowEntity);
  
          LOG.debug("Added Stateless Egress ACL Table Miss Flows for dpn {}", dpId);
@@ -291,7 +444,7 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
          List<MatchInfo> mkMatches = new ArrayList<>();
          List<InstructionInfo> mkInstructions = new ArrayList<>();
          List<ActionInfo> actionsInfos = new ArrayList<>();
-        actionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {}));
+        actionsInfos.add(new ActionDrop());
          mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
  
          FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
@@ -315,7 +468,7 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
              .TRACKED_REL_CT_STATE, AclConstants.TRACKED_REL_CT_STATE_MASK, dispatcherTableId, tableId, write );
          programConntrackDropRule(dpnId, AclConstants.CT_STATE_NEW_PRIORITY_DROP,"Tracked_New",
              AclConstants.TRACKED_NEW_CT_STATE, AclConstants.TRACKED_NEW_CT_STATE_MASK, tableId, write );
-        programConntrackDropRule(dpnId, AclConstants.CT_STATE_NEW_PRIORITY_DROP, "Tracked_Invalid",
+        programConntrackDropRule(dpnId, AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Tracked_Invalid",
              AclConstants.TRACKED_INV_CT_STATE, AclConstants.TRACKED_INV_CT_STATE_MASK, tableId, write );
  
      }
@@ -324,12 +477,13 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
       * Adds the rule to forward the packets known packets.
       *
       * @param dpId the dpId
-     * @param lportTag the lport tag
       * @param priority the priority of the flow
       * @param flowId the flowId
       * @param conntrackState the conntrack state of the packets thats should be
       *        send
       * @param conntrackMask the conntrack mask
+     * @param dispatcherTableId the dispatcher table id
+     * @param tableId the table id
       * @param addOrRemove whether to add or remove the flow
       */
      private void programConntrackForwardRule(BigInteger dpId, Integer priority, String flowId,
@@ -349,12 +503,12 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
       * Adds the rule to drop the unknown/invalid packets .
       *
       * @param dpId the dpId
-     * @param lportTag the lport tag
       * @param priority the priority of the flow
       * @param flowId the flowId
       * @param conntrackState the conntrack state of the packets thats should be
       *        send
       * @param conntrackMask the conntrack mask
+     * @param tableId the table id
       * @param addOrRemove whether to add or remove the flow
       */
      private void programConntrackDropRule(BigInteger dpId, Integer priority, String flowId,
@@ -364,8 +518,8 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
  
          List<InstructionInfo> instructions = new ArrayList<>();
          List<ActionInfo> actionsInfos = new ArrayList<>();
-        actionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {}));
-        instructions.add(new InstructionInfo(InstructionType.write_actions, actionsInfos));
+        actionsInfos.add(new ActionDrop());
+        instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
          flowId = "Fixed_Conntrk_NewDrop_" + dpId + "_" + flowId + tableId;
          syncFlow(dpId, tableId, flowId, priority, "ACL", 0, 0,
                  AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
@@ -375,12 +529,13 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
       * Gets the dispatcher table resubmit instructions.
       *
       * @param actionsInfos the actions infos
+     * @param dispatcherTableId the dispatcher table id
       * @return the instructions for dispatcher table resubmit
       */
      private List<InstructionInfo> getDispatcherTableResubmitInstructions(List<ActionInfo> actionsInfos,
                                                                           short dispatcherTableId) {
          List<InstructionInfo> instructions = new ArrayList<>();
-        actionsInfos.add(new ActionInfo(ActionType.nx_resubmit, new String[] {Short.toString(dispatcherTableId)}));
+        actionsInfos.add(new ActionNxResubmit(dispatcherTableId));
          instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
          return instructions;
      }
@@ -425,13 +580,6 @@ public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapable
          return String.valueOf(tableId);
      }
  
-    /*
-     * (non-Javadoc)
-     *
-     * @see
-     * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
-     * getDataTreeChangeListener()
-     */
      @Override
      protected AclNodeListener getDataTreeChangeListener() {
          return AclNodeListener.this;