Bug 7730: Traffic drop in ACL during port update for AAP

Issue: ARP flows in ACL tables are missing if AAP with same MAC is updated

Fix:
+ For AAP case, changed the order of programming flows to delete and add
instead of add and delete flows.
+ For port update, programming ARP flows is handled separately.
  - For egress, deletion of ARP flow is skipped if AAP is updated for same
    MAC.
  - For ingress, no action required as ARP flow has match for lport
    tag only. MAC is not used here.

Change-Id: I6c814468d80a601e127c813ee1897f9ed18315bf
Signed-off-by: Somashekar Byrappa <somashekar.b@altencalsoftlabs.com>

diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.java
index b07b51592e29e1b41be2142fc2eeee5a9782f41f..dc79fecfd0b0c71e4f75c7d35884d5c8fc8462df 100644 (file)
--- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.java
+++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.java
@@ -151,14 +151,16 @@ public abstract class AbstractAclServiceImpl implements AclServiceListener {
         List<AllowedAddressPairs> deletedAllowedAddressPairs =
                 AclServiceUtils.getUpdatedAllowedAddressPairs(portBefore.getAllowedAddressPairs(),
                         portAfter.getAllowedAddressPairs());
-        if (addedAllowedAddressPairs != null && !addedAllowedAddressPairs.isEmpty()) {
-            programAclWithAllowedAddress(dpId, addedAllowedAddressPairs, portAfter.getLPortTag(),
-                    portAfter.getSecurityGroups(), Action.UPDATE, NwConstants.ADD_FLOW, portAfter.getInterfaceId());
-        }
         if (deletedAllowedAddressPairs != null && !deletedAllowedAddressPairs.isEmpty()) {
             programAclWithAllowedAddress(dpId, deletedAllowedAddressPairs, portAfter.getLPortTag(),
                     portAfter.getSecurityGroups(), Action.UPDATE, NwConstants.DEL_FLOW, portAfter.getInterfaceId());
         }
+        if (addedAllowedAddressPairs != null && !addedAllowedAddressPairs.isEmpty()) {
+            programAclWithAllowedAddress(dpId, addedAllowedAddressPairs, portAfter.getLPortTag(),
+                    portAfter.getSecurityGroups(), Action.UPDATE, NwConstants.ADD_FLOW, portAfter.getInterfaceId());
+        }
+        updateArpForAllowedAddressPairs(dpId, portAfter.getLPortTag(), deletedAllowedAddressPairs,
+                portAfter.getAllowedAddressPairs());
 
         updateAclInterfaceInCache(portBefore);
         // Have to delete and add all rules because there can be following scenario: Interface1 with SG1, Interface2
@@ -288,6 +290,17 @@ public abstract class AbstractAclServiceImpl implements AclServiceListener {
     protected abstract void programGeneralFixedRules(BigInteger dpid, String dhcpMacAddress,
             List<AllowedAddressPairs> allowedAddresses, int lportTag, Action action, int addOrRemove);
 
+    /**
+     * Update arp for allowed address pairs.
+     *
+     * @param dpId the dp id
+     * @param lportTag the lport tag
+     * @param deletedAAP the deleted allowed address pairs
+     * @param addedAAP the added allowed address pairs
+     */
+    protected abstract void updateArpForAllowedAddressPairs(BigInteger dpId, int lportTag,
+            List<AllowedAddressPairs> deletedAAP, List<AllowedAddressPairs> addedAAP);
+
     /**
      * Program the default specific rules.
      *

diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractEgressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractEgressAclServiceImpl.java
index 3d6368b9ffdc03abf7f0f1b8519efe7d0fe12bb0..b572877078675434477a3403fc34fc4b656b6d4e 100644 (file)
--- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractEgressAclServiceImpl.java
+++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractEgressAclServiceImpl.java
@@ -8,14 +8,13 @@
 package org.opendaylight.netvirt.aclservice;
 
 import com.google.common.util.concurrent.ListenableFuture;
-
 import java.math.BigInteger;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
+import java.util.stream.Collectors;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
@@ -155,8 +154,23 @@ public abstract class AbstractEgressAclServiceImpl extends AbstractAclServiceImp
             egressAclDhcpv6DropServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove);
             egressAclIcmpv6DropRouterAdvts(dpid, lportTag, addOrRemove);
             egressAclIcmpv6AllowedList(dpid, lportTag, addOrRemove);
+
+            programArpRule(dpid, allowedAddresses, lportTag, addOrRemove);
         }
-        programArpRule(dpid, allowedAddresses, lportTag, addOrRemove);
+    }
+
+    @Override
+    protected void updateArpForAllowedAddressPairs(BigInteger dpId, int lportTag, List<AllowedAddressPairs> deletedAAP,
+            List<AllowedAddressPairs> addedAAP) {
+        Set<MacAddress> deletedAAPmacs =
+                deletedAAP.stream().map(aap -> aap.getMacAddress()).collect(Collectors.toSet());
+        Set<MacAddress> addedAAPmacs = addedAAP.stream().map(aap -> aap.getMacAddress()).collect(Collectors.toSet());
+
+        // Remove common macs to avoid delete and add of ARP flows having same MAC.
+        deletedAAPmacs.removeAll(addedAAPmacs);
+
+        programArpRule(dpId, deletedAAPmacs, lportTag, NwConstants.DEL_FLOW);
+        programArpRule(dpId, addedAAPmacs, lportTag, NwConstants.ADD_FLOW);
     }
 
     @Override
@@ -394,25 +408,38 @@ public abstract class AbstractEgressAclServiceImpl extends AbstractAclServiceImp
     }
 
     /**
-     * Adds the rule to allow arp packets.
+     * Program arp rule.
      *
-     * @param dpId the dpId
+     * @param dpId the dp id
      * @param allowedAddresses the allowed addresses
      * @param lportTag the lport tag
      * @param addOrRemove whether to add or remove the flow
      */
     protected void programArpRule(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses, int lportTag,
             int addOrRemove) {
-        for (AllowedAddressPairs allowedAddress : allowedAddresses) {
-            MacAddress attachMac = allowedAddress.getMacAddress();
+        // Collecting macs as a set to avoid duplicate
+        Set<MacAddress> macs = allowedAddresses.stream().map(aap -> aap.getMacAddress()).collect(Collectors.toSet());
+        programArpRule(dpId, macs, lportTag, addOrRemove);
+    }
+
+    /**
+     * Adds the rule to allow arp packets.
+     *
+     * @param dpId the dpId
+     * @param macs the set of MACs
+     * @param lportTag the lport tag
+     * @param addOrRemove whether to add or remove the flow
+     */
+    protected void programArpRule(BigInteger dpId, Set<MacAddress> macs, int lportTag, int addOrRemove) {
+        for (MacAddress mac : macs) {
             List<MatchInfoBase> matches = new ArrayList<>();
             matches.add(MatchEthernetType.ARP);
-            matches.add(new MatchArpSha(attachMac));
+            matches.add(new MatchArpSha(mac));
             matches.add(buildLPortTagMatch(lportTag));
 
             List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions(new ArrayList<>());
 
-            String flowName = "Egress_ARP_" + dpId + "_" + lportTag + "_" + attachMac.getValue();
+            String flowName = "Egress_ARP_" + dpId + "_" + lportTag + "_" + mac.getValue();
             syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName,
                     AclConstants.PROTO_ARP_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0,
                     AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);

diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractIngressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractIngressAclServiceImpl.java
index b0364d2c0798e978d97f2be52a27213691db9110..4844e50dc8026c2a08f7ff3e4368c40b082337af 100644 (file)
--- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractIngressAclServiceImpl.java
+++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractIngressAclServiceImpl.java
@@ -163,8 +163,16 @@ public abstract class AbstractIngressAclServiceImpl extends AbstractAclServiceIm
             ingressAclDhcpv6AllowServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove,
                     AclConstants.PROTO_PREFIX_MATCH_PRIORITY);
             ingressAclIcmpv6AllowedTraffic(dpid, lportTag, addOrRemove);
+
+            programArpRule(dpid, lportTag, addOrRemove);
         }
-        programArpRule(dpid, lportTag, addOrRemove);
+    }
+
+    @Override
+    protected void updateArpForAllowedAddressPairs(BigInteger dpId, int lportTag, List<AllowedAddressPairs> deletedAAP,
+            List<AllowedAddressPairs> addedAAP) {
+        // Nothing to do for port update as ingress ARP flow is based only on lportTag
+
     }
 
     @Override

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatefulIPv6Test.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatefulIPv6Test.java
index 70b78f239e38acd779e669f5c97254da05f7a786..98eea7d8ed04fdca731c74282fabd092340f32c3 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatefulIPv6Test.java
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatefulIPv6Test.java
@@ -65,6 +65,12 @@ public class AclServiceStatefulIPv6Test extends AclServiceTestBaseIPv6 {
 
     @Override
     void newInterfaceWithAapIpv4AllCheck() {
-        // TODO Auto-generated method stub
+        // Not applicable as it is specific to IPv4 testing
+    }
+
+    @Override
+    void newInterfaceWithAapCheck() {
+        // TODO: To be handled
+
     }
 }

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatefulTest.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatefulTest.java
index 58d34e3accfe3b11f7431e55fc2d6a4fb9ece745..2ce5d3641e64430b6173357a9309f30f6ab7e4f5 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatefulTest.java
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatefulTest.java
@@ -67,4 +67,9 @@ public class AclServiceStatefulTest extends AclServiceTestBase {
     void newInterfaceWithAapIpv4AllCheck() {
         assertFlowsInAnyOrder(ipv4statefulentries.aapWithIpv4AllFlows());
     }
+
+    @Override
+    void newInterfaceWithAapCheck() {
+        assertFlowsInAnyOrder(ipv4statefulentries.aapFlows());
+    }
 }

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatelessTest.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatelessTest.java
index d58267724cad2625087afadbe1a4513ed1133a37..43b033790fb794af85a4a740e01f735a2b215f39 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatelessTest.java
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceStatelessTest.java
@@ -63,7 +63,13 @@ public class AclServiceStatelessTest extends AclServiceTestBase {
 
     @Override
     void newInterfaceWithAapIpv4AllCheck() {
-        // TODO Auto-generated method stub
+        // TODO: To be handled
+
+    }
+
+    @Override
+    void newInterfaceWithAapCheck() {
+        // TODO: To be handled
 
     }
 

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceTestBase.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceTestBase.java
index 1514aaf79411d2bc02cf881215df08d04ede879c..5b926f77a289467a6779a00f984c2331414c07a9 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceTestBase.java
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/AclServiceTestBase.java
@@ -402,6 +402,33 @@ public abstract class AclServiceTestBase {
 
     abstract void newInterfaceWithAapIpv4AllCheck();
 
+    @Test
+    public void newInterfaceWithAap() throws Exception {
+        LOG.info("newInterfaceWithAap test - start");
+
+        // AAP with same MAC and different IP
+        AllowedAddressPairs aapWithSameMac = buildAap("10.0.0.100/32", PORT_MAC_2);
+        // AAP with different MAC and different IP
+        AllowedAddressPairs aapWithDifferentMac = buildAap("10.0.0.101/32", "0D:AA:D8:42:30:A4");
+
+        newAllowedAddressPair(PORT_1, Collections.singletonList(SG_UUID_1), Collections.singletonList(AAP_PORT_1));
+        newAllowedAddressPair(PORT_2, Collections.singletonList(SG_UUID_1),
+                Arrays.asList(AAP_PORT_2, aapWithSameMac, aapWithDifferentMac));
+
+        prepareInterfaceWithIcmpAcl();
+        // When
+        putNewStateInterface(dataBroker, PORT_1, PORT_MAC_1);
+        putNewStateInterface(dataBroker, PORT_2, PORT_MAC_2);
+
+        asyncEventsWaiter.awaitEventsConsumption();
+
+        // Then
+        newInterfaceWithAapCheck();
+        LOG.info("newInterfaceWithAap test - end");
+    }
+
+    abstract void newInterfaceWithAapCheck();
+
     protected void assertFlowsInAnyOrder(Iterable<FlowEntity> expectedFlows) {
         asyncEventsWaiter.awaitEventsConsumption();
         coordinatorEventsWaiter.awaitEventsConsumption();

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStateful.xtend b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStateful.xtend
index 609344a81f30916a89ac6d3763d82b94cd3a07b9..268ac6c1543845bb1d423ba35a0f497a62e558c4 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStateful.xtend
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStateful.xtend
@@ -7,10 +7,12 @@
  */
 package org.opendaylight.netvirt.aclservice.tests
 
+import org.opendaylight.genius.mdsalutil.FlowEntity
+import org.opendaylight.genius.mdsalutil.MetaDataUtil
+import org.opendaylight.genius.mdsalutil.NwConstants
+import org.opendaylight.genius.mdsalutil.actions.ActionDrop
 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack
 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit
-import org.opendaylight.genius.mdsalutil.actions.ActionDrop
-import org.opendaylight.genius.mdsalutil.FlowEntity
 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions
 import org.opendaylight.genius.mdsalutil.matches.MatchArpSha
 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetDestination
@@ -21,19 +23,15 @@ import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6
 import org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol
 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination
 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Source
+import org.opendaylight.genius.mdsalutil.matches.MatchMetadata
 import org.opendaylight.genius.mdsalutil.matches.MatchUdpDestinationPort
 import org.opendaylight.genius.mdsalutil.matches.MatchUdpSourcePort
 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState
+import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister
 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchTcpDestinationPort
 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchUdpDestinationPort
-import org.opendaylight.genius.mdsalutil.MetaDataUtil
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress
-
-import org.opendaylight.genius.mdsalutil.matches.MatchArpSha
-import org.opendaylight.genius.mdsalutil.NwConstants
-import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister
 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6
-import org.opendaylight.genius.mdsalutil.matches.MatchMetadata
 
 class FlowEntryObjectsStateful extends FlowEntryObjectsBase {
 
@@ -137,6 +135,14 @@ class FlowEntryObjectsStateful extends FlowEntryObjectsBase {
         + aapIpv4AllFlowsPort2
     }
 
+    protected def aapFlows() {
+        icmpFlows()
+        + aapRemoteFlowsPort1
+        // TODO: Temporarily adding duplicate flows to make TC pass. It needs to be removed later.
+        + aapRemoteFlowsPort1
+        + aapFlowsPort2
+    }
+
     protected def aapIpv4AllFlowsPort2() {
         #[
             new FlowEntity(123bi) => [
@@ -192,6 +198,108 @@ class FlowEntryObjectsStateful extends FlowEntryObjectsBase {
          ]
     }
 
+    protected def aapRemoteFlowsPort1() {
+        #[
+            remoteIngressFlowsPort("10.0.0.100"),
+            remoteIngressFlowsPort("10.0.0.101"),
+
+            remoteEgressFlowsPort("10.0.0.100"),
+            remoteEgressFlowsPort("10.0.0.101")
+         ]
+    }
+
+    protected def aapFlowsPort2() {
+        #[
+            new FlowEntity(123bi) => [
+                cookie = 110100480bi
+                flowId = "Egress_Fixed_Conntrk_123_0D:AA:D8:42:30:F4_10.0.0.100/32_Recirc"
+                flowName = "ACL"
+                instructionInfoList = #[
+                    new InstructionApplyActions(#[
+                        new ActionNxConntrack(2, 0, 0, 5000, NwConstants.INGRESS_ACL_REMOTE_ACL_TABLE)
+                    ])
+                ]
+                matchInfoList = #[
+                    new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F4")),
+                    new MatchEthernetType(2048L),
+                    new MatchIpv4Source("10.0.0.100", "32")
+                ]
+                priority = 61010
+                tableId = NwConstants.INGRESS_ACL_TABLE
+            ],
+            new FlowEntity(123bi) => [
+                cookie = 110100480bi
+                flowId = "Ingress_Fixed_Conntrk_123_0D:AA:D8:42:30:F4_10.0.0.100/32_Recirc"
+                flowName = "ACL"
+                instructionInfoList = #[
+                    new InstructionApplyActions(#[
+                        new ActionNxConntrack(2, 0, 0, 5000, NwConstants.EGRESS_ACL_REMOTE_ACL_TABLE)
+                    ])
+                ]
+                matchInfoList = #[
+                    new MatchEthernetType(2048L),
+                    new MatchEthernetDestination(new MacAddress("0D:AA:D8:42:30:F4")),
+                    new MatchEthernetType(2048L),
+                    new MatchIpv4Destination("10.0.0.100", "32")
+                ]
+                priority = 61010
+                tableId = NwConstants.EGRESS_ACL_TABLE
+            ],
+            new FlowEntity(123bi) => [
+                cookie = 110100480bi
+                flowId = "Egress_Fixed_Conntrk_123_0D:AA:D8:42:30:A4_10.0.0.101/32_Recirc"
+                flowName = "ACL"
+                instructionInfoList = #[
+                    new InstructionApplyActions(#[
+                        new ActionNxConntrack(2, 0, 0, 5000, NwConstants.INGRESS_ACL_REMOTE_ACL_TABLE)
+                    ])
+                ]
+                matchInfoList = #[
+                    new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:A4")),
+                    new MatchEthernetType(2048L),
+                    new MatchIpv4Source("10.0.0.101", "32")
+                ]
+                priority = 61010
+                tableId = NwConstants.INGRESS_ACL_TABLE
+            ],
+            new FlowEntity(123bi) => [
+                cookie = 110100480bi
+                flowId = "Ingress_Fixed_Conntrk_123_0D:AA:D8:42:30:A4_10.0.0.101/32_Recirc"
+                flowName = "ACL"
+                instructionInfoList = #[
+                    new InstructionApplyActions(#[
+                        new ActionNxConntrack(2, 0, 0, 5000, NwConstants.EGRESS_ACL_REMOTE_ACL_TABLE)
+                    ])
+                ]
+                matchInfoList = #[
+                    new MatchEthernetType(2048L),
+                    new MatchEthernetDestination(new MacAddress("0D:AA:D8:42:30:A4")),
+                    new MatchEthernetType(2048L),
+                    new MatchIpv4Destination("10.0.0.101", "32")
+                ]
+                priority = 61010
+                tableId = NwConstants.EGRESS_ACL_TABLE
+            ],
+            new FlowEntity(123bi) => [
+                cookie = 110100480bi
+                flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:A4"
+                flowName = "ACL"
+                instructionInfoList = #[
+                    new InstructionApplyActions(#[
+                        new ActionNxResubmit(17 as short)
+                    ])
+                ]
+                matchInfoList = #[
+                    new MatchEthernetType(2054L),
+                    new MatchArpSha(new MacAddress("0D:AA:D8:42:30:A4")),
+                    new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+                ]
+                priority = 63010
+                tableId = NwConstants.INGRESS_ACL_TABLE
+            ]
+        ]
+    }
+
     protected def fixedConntrackIngressFlowsPort1() {
         #[
            new FlowEntity(123bi) => [

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStatefulIPv6.xtend b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStatefulIPv6.xtend
index 286e32322088e4b2c094f4012482187f91d6b7a4..945435ad72b095218456ca336d22608ff46c124d 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStatefulIPv6.xtend
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStatefulIPv6.xtend
@@ -7,10 +7,11 @@
  */
 package org.opendaylight.netvirt.aclservice.tests
 
+import org.opendaylight.genius.mdsalutil.FlowEntity
+import org.opendaylight.genius.mdsalutil.MetaDataUtil
+import org.opendaylight.genius.mdsalutil.actions.ActionDrop
 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack
 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit
-import org.opendaylight.genius.mdsalutil.actions.ActionDrop
-import org.opendaylight.genius.mdsalutil.FlowEntity
 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions
 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetDestination
 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource
@@ -20,13 +21,11 @@ import org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol
 import org.opendaylight.genius.mdsalutil.matches.MatchIpv6Destination
 import org.opendaylight.genius.mdsalutil.matches.MatchIpv6Source
 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata
-import org.opendaylight.genius.mdsalutil.MetaDataUtil
 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState
+import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister
 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchTcpDestinationPort
 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchUdpDestinationPort
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress
-
-import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister
 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6
 
 class FlowEntryObjectsStatefulIPv6 extends FlowEntryObjectsStateful {

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStateless.xtend b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStateless.xtend
index 40677b85794dc0c2b7de13a67b72eefb6b6c083b..bc8bbf42982edeffc85cdd05c6c5bad6de18e3d7 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStateless.xtend
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/FlowEntryObjectsStateless.xtend
@@ -7,12 +7,11 @@
  */
 package org.opendaylight.netvirt.aclservice.tests
 
+import org.opendaylight.genius.mdsalutil.FlowEntity
+import org.opendaylight.genius.mdsalutil.MetaDataUtil
 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack
 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit
-import org.opendaylight.genius.mdsalutil.FlowEntity
 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions
-import org.opendaylight.genius.mdsalutil.instructions.InstructionWriteMetadata
-import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable
 import org.opendaylight.genius.mdsalutil.matches.MatchArpSha
 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType
 import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv4
@@ -20,18 +19,16 @@ import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6
 import org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol
 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination
 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Source
+import org.opendaylight.genius.mdsalutil.matches.MatchMetadata
 import org.opendaylight.genius.mdsalutil.matches.MatchTcpFlags
 import org.opendaylight.genius.mdsalutil.matches.MatchUdpDestinationPort
 import org.opendaylight.genius.mdsalutil.matches.MatchUdpSourcePort
 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState
+import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister
 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchTcpDestinationPort
 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchUdpDestinationPort
-import org.opendaylight.genius.mdsalutil.MetaDataUtil
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress
-
-import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister
 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6
-import org.opendaylight.genius.mdsalutil.matches.MatchMetadata
 
 class FlowEntryObjectsStateless extends FlowEntryObjectsBase {
 

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/IdHelper.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/IdHelper.java
index df6859520068b608309ba323305f5402aa17a596..146f463c2aa3a4ba318c0722d63b2f04ec0c71a1 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/IdHelper.java
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/tests/IdHelper.java
@@ -54,6 +54,8 @@ public class IdHelper {
         idCacheMap.put("TCP_DESTINATION_80_65535_remoteACL_id_85cc3048-abc3-43cc-89b3-377341426ac5Egress98785cc3048-abc3-43cc-89b3-377341426ac6", 61010);
         idCacheMap.put("85cc3048-abc3-43cc-89b3-377341426ac5", 1 << 1);
         idCacheMap.put("85cc3048-abc3-43cc-89b3-377341426ac8", 2 << 1);
+        idCacheMap.put("ICMP_V4_DESTINATION_23__ipv4_remoteACL_interface_aap_0D:AA:D8:42:30:F4_10.0.0.100/32Egress98785cc3048-abc3-43cc-89b3-377341426ac6", 1027);
+        idCacheMap.put("ICMP_V4_DESTINATION_23__ipv4_remoteACL_interface_aap_0D:AA:D8:42:30:A4_10.0.0.101/32Egress98785cc3048-abc3-43cc-89b3-377341426ac6", 1028);
     }
 
     public static Integer getId(String key) {