Bug 7105: Fix learned matches for all TCP/UDP SG

Fixes learned matches for security rules allowing all
TCP/UDP to properly match the connection.
Refactor common learn implementation logic into common functions.

Change-Id: Ib94cb56cf8c026b85059f336ae042d0f1593e484
Signed-off-by: Alon Kochba <alonko@hpe.com>

diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnCommonAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnCommonAclServiceImpl.java
new file mode 100644 (file)
index 0000000..c770af5
--- /dev/null
+++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnCommonAclServiceImpl.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2016 HPE, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.netvirt.aclservice;
+
+import java.util.List;
+
+import org.opendaylight.genius.mdsalutil.ActionInfo;
+import org.opendaylight.genius.mdsalutil.NwConstants;
+import org.opendaylight.netvirt.aclservice.utils.AclConstants;
+
+public class LearnCommonAclServiceImpl {
+
+    protected static String[][] getOtherProtocolsLearnActionMatches(List<ActionInfo> actionsInfos) {
+        String[][] flowMod = new String[5][];
+
+        flowMod[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
+                Integer.toString(NwConstants.ETHTYPE_IPV4),
+                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() };
+        flowMod[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
+        flowMod[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getFlowModHeaderLen() };
+        flowMod[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() };
+        flowMod[4] = new String[] {
+                NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE,
+                NwConstants.NxmOfFieldType.NXM_NX_REG5.getHexType(), "8" };
+
+        return flowMod;
+    }
+
+    protected static String[][] getTcpLearnActionMatches() {
+        String[][] learnActionMatches = new String[7][];
+
+        learnActionMatches[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
+                Integer.toString(NwConstants.ETHTYPE_IPV4),
+                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() };
+        learnActionMatches[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
+                Integer.toString(NwConstants.IP_PROT_TCP),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() };
+        learnActionMatches[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getFlowModHeaderLen() };
+        learnActionMatches[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_TCP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_TCP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_TCP_DST.getFlowModHeaderLen() };
+        learnActionMatches[4] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
+        learnActionMatches[5] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_TCP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_TCP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_TCP_SRC.getFlowModHeaderLen() };
+        learnActionMatches[6] = new String[] {
+                NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE,
+                NwConstants.NxmOfFieldType.NXM_NX_REG5.getHexType(), "8" };
+
+        return learnActionMatches;
+    }
+
+    protected static String[][] getUdpLearnActionMatches() {
+        String[][] learnActionMatches = new String[7][];
+
+        learnActionMatches[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
+                Integer.toString(NwConstants.ETHTYPE_IPV4),
+                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() };
+        learnActionMatches[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
+                Integer.toString(NwConstants.IP_PROT_UDP),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() };
+        learnActionMatches[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
+        learnActionMatches[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_UDP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getFlowModHeaderLen() };
+        learnActionMatches[4] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
+        learnActionMatches[5] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
+                NwConstants.NxmOfFieldType.NXM_OF_UDP_DST.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getHexType(),
+                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getFlowModHeaderLen() };
+        learnActionMatches[6] = new String[] {
+                NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE,
+                NwConstants.NxmOfFieldType.NXM_NX_REG5.getHexType(), "8" };
+
+        return learnActionMatches;
+    }
+
+}

diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImpl.java
index a2a0957bcd7e6a3dee047ea28bd82be2e38644f8..c43d9bf59c288200486c9548d61a4e5d48a51b71 100644 (file)
--- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImpl.java
+++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImpl.java
@@ -19,7 +19,6 @@ import org.opendaylight.genius.mdsalutil.InstructionInfo;
 import org.opendaylight.genius.mdsalutil.InstructionType;
 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
 import org.opendaylight.genius.mdsalutil.NwConstants;
-import org.opendaylight.genius.mdsalutil.NxMatchFieldType;
 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
 import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action;
 import org.opendaylight.netvirt.aclservice.utils.AclConstants;
@@ -84,13 +83,9 @@ public class LearnEgressAclServiceImpl extends AbstractEgressAclServiceImpl {
      * learn flowmod learnFlowModType srcField dstField FlowModNumBits 0 1 2 3
      */
     private void addLearnActions(List<MatchInfoBase> flows, List<ActionInfo> actionsInfos) {
-        boolean isTcp = AclServiceUtils.containsMatchFieldType(flows, NxMatchFieldType.nx_tcp_src_with_mask)
-                || AclServiceUtils.containsMatchFieldType(flows, NxMatchFieldType.nx_tcp_dst_with_mask);
-        boolean isUdp = AclServiceUtils.containsMatchFieldType(flows, NxMatchFieldType.nx_udp_src_with_mask)
-                || AclServiceUtils.containsMatchFieldType(flows, NxMatchFieldType.nx_udp_dst_with_mask);
-        if (isTcp) {
+        if (AclServiceUtils.containsTcpMatchField(flows)) {
             addTcpLearnActions(actionsInfos);
-        } else if (isUdp) {
+        } else if (AclServiceUtils.containsUdpMatchField(flows)) {
             addUdpLearnActions(actionsInfos);
         } else {
             addOtherProtocolsLearnActions(actionsInfos);
@@ -98,116 +93,50 @@ public class LearnEgressAclServiceImpl extends AbstractEgressAclServiceImpl {
     }
 
     private void addOtherProtocolsLearnActions(List<ActionInfo> actionsInfos) {
-        String[][] flowMod = new String[5][];
-
-        flowMod[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.ETHTYPE_IPV4),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() };
-        flowMod[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
-        flowMod[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getFlowModHeaderLen() };
-        flowMod[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() };
-        flowMod[4] = new String[] {
-                NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE,
-                NwConstants.NxmOfFieldType.NXM_NX_REG5.getHexType(), "8" };
+        String[][] learnActionMatches = LearnCommonAclServiceImpl.getOtherProtocolsLearnActionMatches(actionsInfos);
 
         String[] header = new String[] {
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupDefaultIdleTimeout()),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupDefaultHardTimeout()),
-                AclConstants.PROTO_MATCH_PRIORITY.toString(),
-                AclConstants.COOKIE_ACL_BASE.toString(), "0",
-                Short.toString(NwConstants.EGRESS_LEARN_TABLE), "0", "0"};
-        actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod));
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupDefaultIdleTimeout()),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupDefaultHardTimeout()),
+            AclConstants.PROTO_MATCH_PRIORITY.toString(),
+            AclConstants.COOKIE_ACL_BASE.toString(),
+            "0",
+            Short.toString(NwConstants.EGRESS_LEARN_TABLE),
+            "0",
+            "0"
+        };
+        actionsInfos.add(new ActionInfo(ActionType.learn, header, learnActionMatches));
     }
 
     private void addTcpLearnActions(List<ActionInfo> actionsInfos) {
-        String[][] flowMod = new String[7][];
-
-        flowMod[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.ETHTYPE_IPV4),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() };
-        flowMod[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.IP_PROT_TCP),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() };
-        flowMod[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
-        flowMod[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_SRC.getFlowModHeaderLen() };
-        flowMod[4] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getFlowModHeaderLen() };
-        flowMod[5] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_DST.getFlowModHeaderLen() };
-        flowMod[6] = new String[] {
-                NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE,
-                NwConstants.NxmOfFieldType.NXM_NX_REG5.getHexType(), "8" };
+        String[][] learnActionMatches = LearnCommonAclServiceImpl.getTcpLearnActionMatches();
 
         String[] header = new String[] {
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout()),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpHardTimeout()),
-                AclConstants.PROTO_MATCH_PRIORITY.toString(),
-                AclConstants.COOKIE_ACL_BASE.toString(), "0",
-                Short.toString(NwConstants.EGRESS_LEARN_TABLE),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpFinIdleTimeout()),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpFinHardTimeout())};
-        actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod));
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout()),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpHardTimeout()),
+            AclConstants.PROTO_MATCH_PRIORITY.toString(),
+            AclConstants.COOKIE_ACL_BASE.toString(),
+            "0",
+            Short.toString(NwConstants.EGRESS_LEARN_TABLE),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpFinIdleTimeout()),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpFinHardTimeout())
+        };
+        actionsInfos.add(new ActionInfo(ActionType.learn, header, learnActionMatches));
     }
 
     private void addUdpLearnActions(List<ActionInfo> actionsInfos) {
-        String[][] flowMod = new String[7][];
-
-        flowMod[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.ETHTYPE_IPV4),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() };
-        flowMod[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.IP_PROT_UDP),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() };
-        flowMod[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
-        flowMod[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getFlowModHeaderLen() };
-        flowMod[4] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getFlowModHeaderLen() };
-        flowMod[5] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_DST.getFlowModHeaderLen() };
-        flowMod[6] = new String[] {
-                NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE,
-                NwConstants.NxmOfFieldType.NXM_NX_REG5.getHexType(), "8" };
+        String[][] learnActionMatches = LearnCommonAclServiceImpl.getUdpLearnActionMatches();
 
         String[] header = new String[] {
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout()),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupUdpHardTimeout()),
-                AclConstants.PROTO_MATCH_PRIORITY.toString(),
-                AclConstants.COOKIE_ACL_BASE.toString(), "0",
-                Short.toString(NwConstants.EGRESS_LEARN_TABLE), "0", "0" };
-        actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod));
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout()),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupUdpHardTimeout()),
+            AclConstants.PROTO_MATCH_PRIORITY.toString(),
+            AclConstants.COOKIE_ACL_BASE.toString(),
+            "0",
+            Short.toString(NwConstants.EGRESS_LEARN_TABLE),
+            "0",
+            "0"
+        };
+        actionsInfos.add(new ActionInfo(ActionType.learn, header, learnActionMatches));
     }
 }

diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnIngressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnIngressAclServiceImpl.java
index aa2be89cec9973395a48acc0cbecb8d4a9a060b2..3fbd1ef854ea0b2aa02ba9a00da485b7e8c2488c 100644 (file)
--- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnIngressAclServiceImpl.java
+++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnIngressAclServiceImpl.java
@@ -19,7 +19,6 @@ import org.opendaylight.genius.mdsalutil.InstructionInfo;
 import org.opendaylight.genius.mdsalutil.InstructionType;
 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
 import org.opendaylight.genius.mdsalutil.NwConstants;
-import org.opendaylight.genius.mdsalutil.NxMatchFieldType;
 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
 import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action;
 import org.opendaylight.netvirt.aclservice.utils.AclConstants;
@@ -73,13 +72,9 @@ public class LearnIngressAclServiceImpl extends AbstractIngressAclServiceImpl {
      * learn flowmod learnFlowModType srcField dstField FlowModNumBits 0 1 2 3
      */
     private void addLearnActions(List<MatchInfoBase> flows, List<ActionInfo> actionsInfos) {
-        boolean isTcp = AclServiceUtils.containsMatchFieldType(flows, NxMatchFieldType.nx_tcp_src_with_mask)
-                || AclServiceUtils.containsMatchFieldType(flows, NxMatchFieldType.nx_tcp_dst_with_mask);
-        boolean isUdp = AclServiceUtils.containsMatchFieldType(flows, NxMatchFieldType.nx_udp_src_with_mask)
-                || AclServiceUtils.containsMatchFieldType(flows, NxMatchFieldType.nx_udp_dst_with_mask);
-        if (isTcp) {
+        if (AclServiceUtils.containsTcpMatchField(flows)) {
             addTcpLearnActions(actionsInfos);
-        } else if (isUdp) {
+        } else if (AclServiceUtils.containsUdpMatchField(flows)) {
             addUdpLearnActions(actionsInfos);
         } else {
             addOtherProtocolsLearnActions(actionsInfos);
@@ -87,116 +82,50 @@ public class LearnIngressAclServiceImpl extends AbstractIngressAclServiceImpl {
     }
 
     private void addOtherProtocolsLearnActions(List<ActionInfo> actionsInfos) {
-        String[][] flowMod = new String[5][];
-
-        flowMod[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.ETHTYPE_IPV4),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() };
-        flowMod[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getFlowModHeaderLen() };
-        flowMod[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
-        flowMod[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() };
-        flowMod[4] = new String[] {
-                NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE,
-                NwConstants.NxmOfFieldType.NXM_NX_REG5.getHexType(), "8" };
+        String[][] learnActionMatches = LearnCommonAclServiceImpl.getOtherProtocolsLearnActionMatches(actionsInfos);
 
         String[] header = new String[] {
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupDefaultIdleTimeout()),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupDefaultHardTimeout()),
-                AclConstants.PROTO_MATCH_PRIORITY.toString(),
-                AclConstants.COOKIE_ACL_BASE.toString(), "0",
-                Short.toString(NwConstants.INGRESS_LEARN_TABLE), "0", "0"};
-        actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod));
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupDefaultIdleTimeout()),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupDefaultHardTimeout()),
+            AclConstants.PROTO_MATCH_PRIORITY.toString(),
+            AclConstants.COOKIE_ACL_BASE.toString(),
+            "0",
+            Short.toString(NwConstants.INGRESS_LEARN_TABLE),
+            "0",
+            "0"
+        };
+        actionsInfos.add(new ActionInfo(ActionType.learn, header, learnActionMatches));
     }
 
     private void addTcpLearnActions(List<ActionInfo> actionsInfos) {
-        String[][] flowMod = new String[7][];
-
-        flowMod[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.ETHTYPE_IPV4),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() };
-        flowMod[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.IP_PROT_TCP),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() };
-        flowMod[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getFlowModHeaderLen() };
-        flowMod[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_DST.getFlowModHeaderLen() };
-        flowMod[4] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
-        flowMod[5] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_TCP_SRC.getFlowModHeaderLen() };
-        flowMod[6] = new String[] {
-                NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE,
-                NwConstants.NxmOfFieldType.NXM_NX_REG5.getHexType(), "8" };
+        String[][] learnActionMatches = LearnCommonAclServiceImpl.getTcpLearnActionMatches();
 
         String[] header = new String[] {
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout()),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpHardTimeout()),
-                AclConstants.PROTO_MATCH_PRIORITY.toString(),
-                AclConstants.COOKIE_ACL_BASE.toString(), "0",
-                Short.toString(NwConstants.INGRESS_LEARN_TABLE),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpFinIdleTimeout()),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpFinHardTimeout())};
-        actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod));
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpIdleTimeout()),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpHardTimeout()),
+            AclConstants.PROTO_MATCH_PRIORITY.toString(),
+            AclConstants.COOKIE_ACL_BASE.toString(),
+            "0",
+            Short.toString(NwConstants.INGRESS_LEARN_TABLE),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpFinIdleTimeout()),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupTcpFinHardTimeout())
+        };
+        actionsInfos.add(new ActionInfo(ActionType.learn, header, learnActionMatches));
     }
 
     private void addUdpLearnActions(List<ActionInfo> actionsInfos) {
-        String[][] flowMod = new String[7][];
-
-        flowMod[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.ETHTYPE_IPV4),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() };
-        flowMod[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(),
-                Integer.toString(NwConstants.IP_PROT_UDP),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() };
-        flowMod[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
-        flowMod[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getFlowModHeaderLen() };
-        flowMod[4] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() };
-        flowMod[5] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_DST.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getHexType(),
-                NwConstants.NxmOfFieldType.NXM_OF_UDP_SRC.getFlowModHeaderLen() };
-        flowMod[6] = new String[] {
-                NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE,
-                NwConstants.NxmOfFieldType.NXM_NX_REG5.getHexType(), "8" };
+        String[][] learnActionMatches = LearnCommonAclServiceImpl.getUdpLearnActionMatches();
 
         String[] header = new String[] {
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout()),
-                String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupUdpHardTimeout()),
-                AclConstants.PROTO_MATCH_PRIORITY.toString(),
-                AclConstants.COOKIE_ACL_BASE.toString(), "0",
-                Short.toString(NwConstants.INGRESS_LEARN_TABLE), "0", "0" };
-        actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod));
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupUdpIdleTimeout()),
+            String.valueOf(this.aclServiceUtils.getConfig().getSecurityGroupUdpHardTimeout()),
+            AclConstants.PROTO_MATCH_PRIORITY.toString(),
+            AclConstants.COOKIE_ACL_BASE.toString(),
+            "0",
+            Short.toString(NwConstants.INGRESS_LEARN_TABLE),
+            "0",
+            "0"
+            };
+        actionsInfos.add(new ActionInfo(ActionType.learn, header, learnActionMatches));
     }
 }

diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java
index d85d069ca1e2ba0299ed2c9673791493a1dd210d..5b7c5a87f5d290cd688433f09ce448af03e570b6 100644 (file)
--- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java
+++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclServiceUtils.java
@@ -11,16 +11,20 @@ package org.opendaylight.netvirt.aclservice.utils;
 import com.google.common.base.Optional;
 import com.googlecode.ipv6.IPv6Address;
 import com.googlecode.ipv6.IPv6NetworkMask;
+
 import java.math.BigInteger;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
+
 import javax.inject.Inject;
 import javax.inject.Singleton;
+
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
 import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
@@ -681,11 +685,11 @@ public final class AclServiceUtils {
         return mib;
     }
 
-    public static MatchInfoBase getMatchInfoByType(List<MatchInfoBase> flows, MatchFieldType type) {
+    public static MatchInfo getMatchInfoByType(List<MatchInfoBase> flows, MatchFieldType type) {
         for (MatchInfoBase mib : flows) {
             if (mib instanceof MatchInfo) {
                 if (((MatchInfo)mib).getMatchField() == type) {
-                    return mib;
+                    return (MatchInfo) mib;
                 }
             }
         }
@@ -719,6 +723,24 @@ public final class AclServiceUtils {
         return false;
     }
 
+    public static boolean containsMatchFieldTypeAndValue(List<MatchInfoBase> flows, MatchFieldType type,
+            long[] values) {
+        MatchInfo mib = getMatchInfoByType(flows, type);
+        if (mib != null && Arrays.equals(mib.getMatchValues(), values)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    public static boolean containsTcpMatchField(List<MatchInfoBase> flows) {
+        return containsMatchFieldTypeAndValue(flows, MatchFieldType.ip_proto, new long[] {IPProtocols.TCP.intValue()});
+    }
+
+    public static boolean containsUdpMatchField(List<MatchInfoBase> flows) {
+        return containsMatchFieldTypeAndValue(flows, MatchFieldType.ip_proto, new long[] {IPProtocols.UDP.intValue()});
+    }
+
     public static Integer allocateId(IdManagerService idManager, String poolName, String idKey) {
         AllocateIdInput getIdInput = new AllocateIdInputBuilder().setPoolName(poolName).setIdKey(idKey).build();
         try {

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImplTest.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImplTest.java
index 2ce69efde16bf152dc02a52cb7d3c8306eea9d23..ed69d81722b8ae8471084721bba602fde017d72b 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImplTest.java
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImplTest.java
@@ -15,8 +15,10 @@ import static org.mockito.Mockito.when;
 
 import com.google.common.base.Optional;
 import com.google.common.util.concurrent.Futures;
+
 import java.math.BigInteger;
 import java.util.Arrays;
+
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -34,6 +36,7 @@ import org.opendaylight.genius.mdsalutil.NwConstants;
 import org.opendaylight.genius.mdsalutil.NxMatchFieldType;
 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
 import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
+import org.opendaylight.netvirt.aclservice.utils.AclConstants;
 import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
 import org.opendaylight.netvirt.aclservice.utils.AclServiceTestUtils;
 import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
@@ -74,6 +77,8 @@ public class LearnEgressAclServiceImplTest {
     MethodInvocationParamSaver<Void> installFlowValueSaver = null;
     MethodInvocationParamSaver<Void> removeFlowValueSaver = null;
 
+    final Integer tcpFinIdleTimeoutValue = 60;
+
     @Before
     public void setUp() {
         AclDataUtil aclDataUtil = new AclDataUtil();
@@ -86,7 +91,7 @@ public class LearnEgressAclServiceImplTest {
         doAnswer(installFlowValueSaver).when(mdsalManager).installFlow(any(FlowEntity.class));
         removeFlowValueSaver = new MethodInvocationParamSaver<>(null);
         doAnswer(installFlowValueSaver).when(mdsalManager).removeFlow(any(FlowEntity.class));
-
+        doReturn(tcpFinIdleTimeoutValue).when(config).getSecurityGroupTcpFinIdleTimeout();
     }
 
     @Test
@@ -115,6 +120,19 @@ public class LearnEgressAclServiceImplTest {
         AclServiceTestUtils.verifyActionTypeExist(flow.getInstructionInfoList().get(0).getActionInfos(),
                 ActionType.learn);
 
+        // verify that tcpFinIdleTimeout is used for TCP
+        AclServiceTestUtils.verifyActionInfo(flow.getInstructionInfoList().get(0).getActionInfos(),
+                ActionType.learn,
+                new String[] {
+                    String.valueOf(0),
+                    String.valueOf(0),
+                    AclConstants.PROTO_MATCH_PRIORITY.toString(),
+                    AclConstants.COOKIE_ACL_BASE.toString(),
+                    "0",
+                    Short.toString(NwConstants.EGRESS_LEARN_TABLE),
+                    String.valueOf(tcpFinIdleTimeoutValue),
+                    "0"
+                });
     }
 
     @Test
@@ -155,6 +173,20 @@ public class LearnEgressAclServiceImplTest {
                 NxMatchFieldType.nx_udp_dst_with_mask, "80", "65535");
         AclServiceTestUtils.verifyActionTypeExist(flow.getInstructionInfoList().get(0).getActionInfos(),
                 ActionType.learn);
+
+        // verify that even though tcpFinIdleTimeout is set to non-zero, it is not used for UDP
+        AclServiceTestUtils.verifyActionInfo(flow.getInstructionInfoList().get(0).getActionInfos(),
+                ActionType.learn,
+                new String[] {
+                    String.valueOf(0),
+                    String.valueOf(0),
+                    AclConstants.PROTO_MATCH_PRIORITY.toString(),
+                    AclConstants.COOKIE_ACL_BASE.toString(),
+                    "0",
+                    Short.toString(NwConstants.EGRESS_LEARN_TABLE),
+                    "0",
+                    "0"
+                });
     }
 
     @Test

diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/utils/AclServiceTestUtils.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/utils/AclServiceTestUtils.java
index 90d7641ac7efdcedb53a9b57177b1ba660291975..46eaf87cdad83d28dc23adf3ceb07919000cd0bf 100644 (file)
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/utils/AclServiceTestUtils.java
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/utils/AclServiceTestUtils.java
@@ -215,6 +215,7 @@ public class AclServiceTestUtils {
             case drop_action:
                 break;
             case goto_table:
+            case learn:
             case nx_resubmit:
                 Assert.assertArrayEquals(params, action.getActionValues());
                 break;