Bug 3460 removed ip prefix from DHCP/DNS flows

Removes ip-prefix of EIC from and DHCP and DNS flows.
Only traffic based on destination port of these service is allowed.
IP prefix of EIC for ICMP is still part of flow match.

Removed comparison of flow priority in FlowEquivalence - duplicit flows are ignored

THIS COMMIT HAS IMPACT ON FLOW COUNT IN TABLE 4

Signed-off-by: Martin Sunal <msunal@cisco.com>

diff --git a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/NeutronPortAware.java b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/NeutronPortAware.java
index 0b40c29a6110d6bebd1b7a48d77aa04ead97e513..eba6607363afdc88eab52b2d068f09c48bc525a3 100644 (file)
--- a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/NeutronPortAware.java
+++ b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/NeutronPortAware.java
@@ -369,7 +369,6 @@ public class NeutronPortAware implements INeutronPortAware {
         NeutronSecurityRule dhcpSecRule = new NeutronSecurityRule();
         dhcpSecRule.setSecurityRuleGroupID(MappingUtils.EPG_DHCP_ID.getValue());
         dhcpSecRule.setSecurityRuleTenantID(tenantId.getValue());
-        dhcpSecRule.setSecurityRuleRemoteIpPrefix(Utils.getStringIpPrefix(ipSubnet));
         if (consumerEpgId != null) {
             dhcpSecRule.setSecurityRemoteGroupID(consumerEpgId.getValue());
         }
@@ -390,7 +389,6 @@ public class NeutronPortAware implements INeutronPortAware {
         NeutronSecurityRule dhcpSecRule = new NeutronSecurityRule();
         dhcpSecRule.setSecurityRuleGroupID(MappingUtils.EPG_DHCP_ID.getValue());
         dhcpSecRule.setSecurityRuleTenantID(tenantId.getValue());
-        dhcpSecRule.setSecurityRuleRemoteIpPrefix(Utils.getStringIpPrefix(ipSubnet));
         if (consumerEpgId != null) {
             dhcpSecRule.setSecurityRemoteGroupID(consumerEpgId.getValue());
         }
@@ -409,7 +407,6 @@ public class NeutronPortAware implements INeutronPortAware {
         NeutronSecurityRule dnsSecRule = new NeutronSecurityRule();
         dnsSecRule.setSecurityRuleGroupID(MappingUtils.EPG_DHCP_ID.getValue());
         dnsSecRule.setSecurityRuleTenantID(tenantId.getValue());
-        dnsSecRule.setSecurityRuleRemoteIpPrefix(Utils.getStringIpPrefix(ipSubnet));
         if (consumerEpgId != null) {
             dnsSecRule.setSecurityRemoteGroupID(consumerEpgId.getValue());
         }

diff --git a/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/PolicyManager.java b/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/PolicyManager.java
index 90d88c9488ab7f96223b7c7cd59e587a1b986df1..73fa28c5faf7a271fa5d4eff173d3f3465b4ce7f 100755 (executable)
--- a/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/PolicyManager.java
+++ b/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/PolicyManager.java
@@ -298,6 +298,8 @@ public class PolicyManager
 
             if (!wrappedFlows.contains(wFlow)) {
                 tableBuilder.getFlow().add(Preconditions.checkNotNull(flow));
+            } else {
+                LOG.debug("Flow already exists in FlowMap - {}", flow);
             }
         }
 

diff --git a/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/equivalence/FlowEquivalence.java b/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/equivalence/FlowEquivalence.java
index 08a3cdd092847bf162f1febf2ede2464c7ad93ac..eff8231606ec45c3fc691a41dec6173c756c75b2 100755 (executable)
--- a/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/equivalence/FlowEquivalence.java
+++ b/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/equivalence/FlowEquivalence.java
@@ -79,9 +79,6 @@ public class FlowEquivalence extends Equivalence<Flow> {
         if (!Objects.equals(a.getOutPort(), b.getOutPort())) {
             return false;
         }
-        if (!Objects.equals(a.getPriority(), b.getPriority())) {
-            return false;
-        }
         if (!Objects.equals(a.getTableId(), b.getTableId())) {
             return false;
         }
@@ -121,7 +118,6 @@ public class FlowEquivalence extends Equivalence<Flow> {
                 : EquivalenceFabric.MATCH_EQUIVALENCE.wrap(flow.getMatch()).hashCode());
         result = prime * result + ((flow.getOutGroup() == null) ? 0 : flow.getOutGroup().hashCode());
         result = prime * result + ((flow.getOutPort() == null) ? 0 : flow.getOutPort().hashCode());
-        result = prime * result + ((flow.getPriority() == null) ? 0 : flow.getPriority().hashCode());
         result = prime * result + ((flow.getTableId() == null) ? 0 : flow.getTableId().hashCode());
         result = prime * result + ((flow.isBarrier() == null) ? 0 : flow.isBarrier().hashCode());
         result = prime * result + ((flow.isInstallHw() == null) ? 0 : flow.isInstallHw().hashCode());

diff --git a/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/flow/PolicyEnforcer.java b/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/flow/PolicyEnforcer.java
index d03f943d816b2b3a794e8d8360717d9c3c385d13..3e9eaed75d70166566dc5472e8f70875a01cb00f 100755 (executable)
--- a/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/flow/PolicyEnforcer.java
+++ b/renderers/ofoverlay/src/main/java/org/opendaylight/groupbasedpolicy/renderer/ofoverlay/flow/PolicyEnforcer.java
@@ -17,7 +17,6 @@ import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtil
 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.EndpointManager.isExternal;
 
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.HashMap;
@@ -486,42 +485,52 @@ public class PolicyEnforcer extends FlowTable {
                     RegMatch.of(NxmNxReg1.class, Long.valueOf(cgPair.scgId)),
                     RegMatch.of(NxmNxReg2.class, Long.valueOf(cgPair.depg)),
                     RegMatch.of(NxmNxReg3.class, Long.valueOf(cgPair.dcgId)));
-            if (sIpPrefix != null) {
-                baseMatch.setLayer3Match(createLayer3Match(sIpPrefix, true));
-            }
-            if (dIpPrefix != null) {
-                baseMatch.setLayer3Match(createLayer3Match(dIpPrefix, true));
-            }
+            baseMatch.setLayer3Match(createLayer3Match(sIpPrefix, dIpPrefix));
         } else {
             addNxRegMatch(baseMatch,
                     RegMatch.of(NxmNxReg0.class, Long.valueOf(cgPair.depg)),
                     RegMatch.of(NxmNxReg1.class, Long.valueOf(cgPair.dcgId)),
                     RegMatch.of(NxmNxReg2.class, Long.valueOf(cgPair.sepg)),
                     RegMatch.of(NxmNxReg3.class, Long.valueOf(cgPair.scgId)));
-            if (sIpPrefix != null) {
-                baseMatch.setLayer3Match(createLayer3Match(sIpPrefix, false));
-            }
-            if (dIpPrefix != null) {
-                baseMatch.setLayer3Match(createLayer3Match(dIpPrefix, false));
-            }
+            baseMatch.setLayer3Match(createLayer3Match(dIpPrefix, sIpPrefix));
         }
         return baseMatch;
     }
 
-    private Layer3Match createLayer3Match(IpPrefix ipPrefix, boolean isSrc) {
-        if (ipPrefix.getIpv4Prefix() != null) {
-            if (isSrc) {
-                return new Ipv4MatchBuilder().setIpv4Source(ipPrefix.getIpv4Prefix()).build();
+    private Layer3Match createLayer3Match(IpPrefix sIpPrefix, IpPrefix dIpPrefix) {
+        Ipv4MatchBuilder ipv4MatchBuilder = new Ipv4MatchBuilder();
+        boolean isIPv4 = false;
+        Ipv6MatchBuilder ipv6MatchBuilder = new Ipv6MatchBuilder();
+        boolean isIPv6 = false;
+        if (sIpPrefix != null) {
+            if (sIpPrefix.getIpv4Prefix() != null) {
+                ipv4MatchBuilder.setIpv4Source(sIpPrefix.getIpv4Prefix());
+                isIPv4 = true;
             } else {
-                return new Ipv4MatchBuilder().setIpv4Destination(ipPrefix.getIpv4Prefix()).build();
+                ipv6MatchBuilder.setIpv6Source(sIpPrefix.getIpv6Prefix());
+                isIPv6 = true;
             }
-        } else {
-            if (isSrc) {
-                return new Ipv6MatchBuilder().setIpv6Source(ipPrefix.getIpv6Prefix()).build();
+        }
+        if (dIpPrefix != null) {
+            if (dIpPrefix.getIpv4Prefix() != null) {
+                ipv4MatchBuilder.setIpv4Destination(dIpPrefix.getIpv4Prefix());
+                isIPv4 = true;
             } else {
-                return new Ipv6MatchBuilder().setIpv6Destination(ipPrefix.getIpv6Prefix()).build();
+                ipv6MatchBuilder.setIpv6Destination(dIpPrefix.getIpv6Prefix());
+                isIPv6 = true;
             }
         }
+        if (isIPv4 && isIPv6) {
+            LOG.warn("EIC with IP prefix contains different IP versions. EIC is ignored.");
+            return null;
+        }
+        if (isIPv4) {
+            return ipv4MatchBuilder.build();
+        }
+        if (isIPv6) {
+            return ipv6MatchBuilder.build();
+        }
+        return null;
     }
 
     // TODO: move to a common utils for all renderers