ACL: Support for non-conntrack supported traffic.
+ This is implementation for spec "Support for protocols that are not
supported by conntrack".
+ This involves redesign of entire ACL pipeline.
+ UT is disabled in this patch. It will be handled separately as part of https://git.opendaylight.org/gerrit/#/c/66553/.
This patch currently addresses (a) and (c) of below three issues as
mentioned in the spec:
a. Enhance ACL to support protocols like OSPF, VRRP etc that are not
supported by conntrack in stateful mode.
b. Handle overlapping IP addresses while processing remote ACLs.
c. Optimization for Remote ACL by reducing number of flows even for ports
having multiple ACLs.
Patch-1:
+ ACL default flows are changed as per the new pipeline.
Patch-2:
+ Updated bind service to exclude writing ELAN/VPN ID into metadata.
+ Removed dependency on vpnmanager and it is not required anymore.
Patch-3:
+ Rebased
Patch-4:
+ Fixed compilation issues. Removed VPN-ID related code.
Patch-5:
+ Handled programming general fixed flows.
+ Handled programming port specific fixed flows.
Patch-6:
+ Rebased
Patch-7:
+ Handled programming ACL commit flows.
+ Refactored: Moved programAceSpecificFlow() logic from
Stateful***AclServiceImpl to AbstractAclServiceImpl class.
Patch-8:
+ Handled programming ACL dispatcher table.
Patch-9:
+ Updated programming ACL dispatcher table.
+ Handled programming Remote ACL table.
Patch-10:
+ Rebased
Patch-11:
+ Code-cleanup
Patch-12:
+ Rebased
Patch-13:
+ Handled port update. Update for port-security-enabled, AAP and SG
changes.
Patch-14:
+ Rebased
Patch-15:
+ Handle port-update with allowed-address-pair change.
Patch-16:
+ Used DJC to program ACL node default flows.
+ Used single transaction for programming ACL node default flows.
+ Refactored AclNodeListener.
Patch-17:
+ Refactored to keep single level of abstraction as no other
security-group modes are supported except stateful.
+ Updated to display cache aclTagMap.
Patch-18:
+ This patch was mistakenly uploaded by Nishchya.
Patch-19:
+ Rebased.
Patch-20:
+ Changed references from METADATA_MASK_REMOTE_ACL_ID to
METADATA_MASK_REMOTE_ACL_TAG.
Patch-21:
+ Rebased.
Patch-22:
+ Rebased.
Patch-23:
+ Rebased.
Patch-24:
+ Rebased. Aligned [0] with the latest ACL pipeline.
[0] https://git.opendaylight.org/gerrit/#/c/66788/
Patch-25:
+ Rebased.
Depends-On: I95df598428f6351e2abb0b173a4318253c9e20bc
Change-Id: Ie82fa8bf1eb139039247adb2321a53babe8fdc83
Signed-off-by: Somashekar Byrappa <somashekar.b@altencalsoftlabs.com>
Code Review / netvirt.git / commit