import org.opendaylight.genius.mdsalutil.instructions.InstructionWriteMetadata;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.genius.mdsalutil.matches.MatchArpSha;
+import org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
import org.opendaylight.genius.utils.ServiceIndex;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
LOG.info("programFixedRules : {} default rules.", action == Action.ADD ? "adding" : "removing");
if (action == Action.ADD || action == Action.REMOVE) {
-
- egressAclDhcpAllowClientTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove);
- egressAclDhcpv6AllowClientTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove);
+ Set<MacAddress> aapMacs =
+ allowedAddresses.stream().map(aap -> aap.getMacAddress()).collect(Collectors.toSet());
+ egressAclDhcpAllowClientTraffic(dpid, aapMacs, lportTag, addOrRemove);
+ egressAclDhcpv6AllowClientTraffic(dpid, aapMacs, lportTag, addOrRemove);
egressAclDhcpDropServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove);
egressAclDhcpv6DropServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove);
egressAclIcmpv6DropRouterAdvts(dpid, lportTag, addOrRemove);
@Override
protected void updateArpForAllowedAddressPairs(BigInteger dpId, int lportTag, List<AllowedAddressPairs> deletedAAP,
List<AllowedAddressPairs> addedAAP) {
- Set<MacAddress> deletedAAPmacs =
- deletedAAP.stream().map(AllowedAddressPairs::getMacAddress).collect(Collectors.toSet());
- Set<MacAddress> addedAAPmacs =
- addedAAP.stream().map(AllowedAddressPairs::getMacAddress).collect(Collectors.toSet());
-
- // Remove common macs to avoid delete and add of ARP flows having same MAC.
- deletedAAPmacs.removeAll(addedAAPmacs);
- programArpRule(dpId, deletedAAPmacs, lportTag, NwConstants.DEL_FLOW);
- programArpRule(dpId, addedAAPmacs, lportTag, NwConstants.ADD_FLOW);
+ // Remove common allowedAddrPairIPs to avoid delete and add of ARP flows having same MAC and IP
+ deletedAAP.removeAll(addedAAP);
+ programArpRule(dpId, deletedAAP, lportTag, NwConstants.DEL_FLOW);
+ programArpRule(dpId, addedAAP, lportTag, NwConstants.ADD_FLOW);
}
@Override
* allowed.
*
* @param dpId the dpid
- * @param dhcpMacAddress the DHCP server mac address
+ * @param aapMacs the AAP mac addresses
* @param lportTag the lport tag
* @param addOrRemove whether to add or remove the flow
*/
- private void egressAclDhcpAllowClientTraffic(BigInteger dpId, String dhcpMacAddress, int lportTag,
+ private void egressAclDhcpAllowClientTraffic(BigInteger dpId, Set<MacAddress> aapMacs, int lportTag,
int addOrRemove) {
- final List<MatchInfoBase> matches = AclServiceUtils.buildDhcpMatches(AclConstants.DHCP_CLIENT_PORT_IPV4,
- AclConstants.DHCP_SERVER_PORT_IPV4, lportTag, ServiceModeEgress.class);
-
List<ActionInfo> actionsInfos = new ArrayList<>();
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions(actionsInfos);
+ for (MacAddress aapMac : aapMacs) {
+ List<MatchInfoBase> matches = new ArrayList<>();
+ matches.addAll(AclServiceUtils.buildDhcpMatches(AclConstants.DHCP_CLIENT_PORT_IPV4,
+ AclConstants.DHCP_SERVER_PORT_IPV4, lportTag, ServiceModeEgress.class));
+ matches.add(new MatchEthernetSource(aapMac));
- String flowName = "Egress_DHCP_Client_v4" + dpId + "_" + lportTag + "_" + dhcpMacAddress + "_Permit_";
- syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName, AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY,
- "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
+ String flowName = "Egress_DHCP_Client_v4" + dpId + "_" + lportTag + "_" + aapMac.getValue() + "_Permit_";
+ syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName,
+ AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE,
+ matches, instructions, addOrRemove);
+ }
}
/**
* allowed.
*
* @param dpId the dpid
- * @param dhcpMacAddress the DHCP server mac address
+ * @param aapMacs the AAP mac addresses
* @param lportTag the lport tag
* @param addOrRemove whether to add or remove the flow
*/
- private void egressAclDhcpv6AllowClientTraffic(BigInteger dpId, String dhcpMacAddress, int lportTag,
+ private void egressAclDhcpv6AllowClientTraffic(BigInteger dpId, Set<MacAddress> aapMacs, int lportTag,
int addOrRemove) {
- final List<MatchInfoBase> matches = AclServiceUtils.buildDhcpV6Matches(AclConstants.DHCP_CLIENT_PORT_IPV6,
- AclConstants.DHCP_SERVER_PORT_IPV6, lportTag, ServiceModeEgress.class);
-
List<ActionInfo> actionsInfos = new ArrayList<>();
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions(actionsInfos);
+ for (MacAddress aapMac : aapMacs) {
+ List<MatchInfoBase> matches = new ArrayList<>();
+ matches.addAll(AclServiceUtils.buildDhcpV6Matches(AclConstants.DHCP_CLIENT_PORT_IPV6,
+ AclConstants.DHCP_SERVER_PORT_IPV6, lportTag, ServiceModeEgress.class));
+ matches.add(new MatchEthernetSource(aapMac));
- String flowName = "Egress_DHCP_Client_v6" + "_" + dpId + "_" + lportTag + "_" + dhcpMacAddress + "_Permit_";
- syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName, AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY,
- "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
+ String flowName = "Egress_DHCP_Client_v6" + "_" + dpId + "_" + lportTag + "_" + aapMac.getValue()
+ + "_Permit_";
+ syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName,
+ AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE,
+ matches, instructions, addOrRemove);
+ }
}
/**
- * Program arp rule.
+ * Adds the rule to allow arp packets.
*
- * @param dpId the dp id
+ * @param dpId the dpId
* @param allowedAddresses the allowed addresses
* @param lportTag the lport tag
* @param addOrRemove whether to add or remove the flow
*/
protected void programArpRule(BigInteger dpId, List<AllowedAddressPairs> allowedAddresses, int lportTag,
int addOrRemove) {
- // Collecting macs as a set to avoid duplicate
- Set<MacAddress> macs =
- allowedAddresses.stream().map(AllowedAddressPairs::getMacAddress).collect(Collectors.toSet());
- programArpRule(dpId, macs, lportTag, addOrRemove);
- }
+ for (AllowedAddressPairs allowedAddress : allowedAddresses) {
+ if (!AclServiceUtils.isIPv4Address(allowedAddress)) {
+ continue; // For IPv6 allowed addresses
+ }
- /**
- * Adds the rule to allow arp packets.
- *
- * @param dpId the dpId
- * @param macs the set of MACs
- * @param lportTag the lport tag
- * @param addOrRemove whether to add or remove the flow
- */
- protected void programArpRule(BigInteger dpId, Set<MacAddress> macs, int lportTag, int addOrRemove) {
- for (MacAddress mac : macs) {
+ IpPrefixOrAddress allowedAddressIp = allowedAddress.getIpAddress();
+ MacAddress allowedAddressMac = allowedAddress.getMacAddress();
+ List<MatchInfoBase> arpIpMatches = AclServiceUtils.buildArpIpMatches(allowedAddressIp);
List<MatchInfoBase> matches = new ArrayList<>();
matches.add(MatchEthernetType.ARP);
- matches.add(new MatchArpSha(mac));
+ matches.add(new MatchArpSha(allowedAddressMac));
+ matches.add(new MatchEthernetSource(allowedAddressMac));
+ matches.addAll(arpIpMatches);
matches.add(buildLPortTagMatch(lportTag));
List<InstructionInfo> instructions = getDispatcherTableResubmitInstructions(new ArrayList<>());
LOG.debug(addOrRemove == NwConstants.DEL_FLOW ? "Deleting " : "Adding " + "ARP Rule on DPID {}, "
+ "lportTag {}", dpId, lportTag);
- String flowName = "Egress_ARP_" + dpId + "_" + lportTag + "_" + mac.getValue();
+ String flowName = "Egress_ARP_" + dpId + "_" + lportTag + "_" + allowedAddress.getMacAddress().getValue()
+ + String.valueOf(allowedAddressIp.getValue());
syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName,
AclConstants.PROTO_ARP_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0,
AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
import org.opendaylight.genius.mdsalutil.MetaDataUtil;
import org.opendaylight.genius.mdsalutil.NwConstants;
import org.opendaylight.genius.mdsalutil.NxMatchInfo;
+import org.opendaylight.genius.mdsalutil.matches.MatchArpSpa;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6;
import org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol;
*/
public static List<MatchInfoBase> buildDhcpMatches(int srcPort, int dstPort, int lportTag,
Class<? extends ServiceModeBase> serviceMode) {
- List<MatchInfoBase> matches = new ArrayList<>(6);
+ List<MatchInfoBase> matches = new ArrayList<>(5);
matches.add(MatchEthernetType.IPV4);
matches.add(MatchIpProtocol.UDP);
matches.add(new MatchUdpDestinationPort(dstPort));
return flowMatches;
}
+ /**
+ * Builds the arp ip matches.
+ * @param ipPrefixOrAddress the ip prefix or address
+ * @return the MatchInfoBase list
+ */
+ public static List<MatchInfoBase> buildArpIpMatches(IpPrefixOrAddress ipPrefixOrAddress) {
+ List<MatchInfoBase> flowMatches = new ArrayList<>();
+ IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
+ if (ipPrefix != null) {
+ Ipv4Prefix ipv4Prefix = ipPrefix.getIpv4Prefix();
+ if (ipv4Prefix != null && !ipv4Prefix.getValue().equals(AclConstants.IPV4_ALL_NETWORK)) {
+ flowMatches.add(new MatchArpSpa(ipv4Prefix));
+ }
+ } else {
+ IpAddress ipAddress = ipPrefixOrAddress.getIpAddress();
+ if (ipAddress != null && ipAddress.getIpv4Address() != null) {
+ flowMatches.add(new MatchArpSpa(ipAddress.getIpv4Address().getValue(), "32"));
+ }
+ }
+ return flowMatches;
+ }
+
private List<MatchInfoBase> buildAclIdMetadataMatch(Uuid remoteAclId) {
List<MatchInfoBase> flowMatches = new ArrayList<>();
BigInteger aclId = buildAclId(remoteAclId);
return config;
}
- private static boolean isIPv4Address(AllowedAddressPairs aap) {
+ public static boolean isIPv4Address(AllowedAddressPairs aap) {
IpPrefixOrAddress ipPrefixOrAddress = aap.getIpAddress();
IpPrefix ipPrefix = ipPrefixOrAddress.getIpPrefix();
if (ipPrefix != null) {
}
} else {
IpAddress ipAddress = ipPrefixOrAddress.getIpAddress();
- if (ipAddress.getIpv4Address() != null) {
+ if (ipAddress != null && ipAddress.getIpv4Address() != null) {
return true;
}
}
import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable
import org.opendaylight.genius.mdsalutil.instructions.InstructionWriteMetadata
import org.opendaylight.genius.mdsalutil.matches.MatchArpSha
+import org.opendaylight.genius.mdsalutil.matches.MatchArpSpa
+import org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType
import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6
import org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol
import org.opendaylight.genius.mdsalutil.matches.MatchUdpDestinationPort
import org.opendaylight.genius.mdsalutil.matches.MatchUdpSourcePort
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v4123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v4123_987_0D:AA:D8:42:30:F3_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(67),
new MatchUdpSourcePort(68),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F3"))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v6_123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v6_123_987_0D:AA:D8:42:30:F3_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(547),
new MatchUdpSourcePort(546),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F3"))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:F3"
+ flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:F310.0.0.1/32"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress("0D:AA:D8:42:30:F3")),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F3")),
+ new MatchArpSpa(new Ipv4Prefix("10.0.0.1/32")),
new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
]
priority = 63010
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v4123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v4123_987_0D:AA:D8:42:30:F4_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(67 as short),
new MatchUdpSourcePort(68 as short),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F4"))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v6_123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v6_123_987_0D:AA:D8:42:30:F4_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(547 as short),
new MatchUdpSourcePort(546 as short),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F4"))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:F4"
+ flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:F410.0.0.2/32"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress("0D:AA:D8:42:30:F4")),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F4")),
+ new MatchArpSpa(new Ipv4Prefix("10.0.0.2/32")),
new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
]
priority = 63010
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v4123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v4123_987_0D:AA:D8:42:30:F5_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(67),
new MatchUdpSourcePort(68),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F5"))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v6_123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v6_123_987_0D:AA:D8:42:30:F5_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(547),
new MatchUdpSourcePort(546),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F5"))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:F5"
+ flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:F510.0.0.3/32"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress("0D:AA:D8:42:30:F5")),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F5")),
+ new MatchArpSpa(new Ipv4Prefix("10.0.0.3/32")),
new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
]
priority = 63010
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress("0D:AA:D8:42:30:F6")),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F6")),
new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
]
priority = 63010
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress("0D:AA:D8:42:30:F6")),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F6")),
new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
]
priority = 63010
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v4123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v4123_987_" + mac + "_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(67),
new MatchUdpSourcePort(68),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress(mac))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v6_123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v6_123_987_" + mac + "_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(547),
new MatchUdpSourcePort(546),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress(mac))
]
priority = 63010
tableId = 211 as short
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress(mac)),
+ new MatchEthernetSource(new MacAddress(mac)),
new MatchMetadata(1085217976614912bi, 1152920405095219200bi)
]
priority = 63010
import org.opendaylight.genius.mdsalutil.actions.ActionDrop
import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions
import org.opendaylight.genius.mdsalutil.matches.MatchArpSha
+import org.opendaylight.genius.mdsalutil.matches.MatchArpSpa
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetDestination
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchUdpDestinationPort
import org.opendaylight.genius.mdsalutil.FlowEntityBuilder
import org.opendaylight.genius.mdsalutil.MetaDataUtil
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress
import org.opendaylight.genius.mdsalutil.NwConstants
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:F4"
+ flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:F410.0.0.2/32"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress("0D:AA:D8:42:30:F4")),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F4")),
+ new MatchArpSpa(new Ipv4Prefix("10.0.0.2/32")),
new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
]
priority = 63010
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:A4"
+ flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:F410.0.0.100/32"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionNxResubmit(17 as short)
+ ])
+ ]
+ matchInfoList = #[
+ new MatchEthernetType(2054L),
+ new MatchArpSha(new MacAddress("0D:AA:D8:42:30:F4")),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:F4")),
+ new MatchArpSpa(new Ipv4Prefix("10.0.0.100/32")),
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ ]
+ priority = 63010
+ tableId = NwConstants.INGRESS_ACL_TABLE
+ ],
+ new FlowEntityBuilder >> [
+ dpnId = 123bi
+ cookie = 110100480bi
+ flowId = "Egress_ARP_123_987_0D:AA:D8:42:30:A410.0.0.101/32"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress("0D:AA:D8:42:30:A4")),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:A4")),
+ new MatchArpSpa(new Ipv4Prefix("10.0.0.101/32")),
new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
]
priority = 63010
tableId = NwConstants.INGRESS_ACL_TABLE
+ ],
+ new FlowEntityBuilder >> [
+ dpnId = 123bi
+ cookie = 110100480bi
+ flowId = "Egress_DHCP_Client_v4123_987_0D:AA:D8:42:30:A4_Permit_"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionNxResubmit(17 as short)
+ ])
+ ]
+ matchInfoList = #[
+ new MatchEthernetType(2048L),
+ new MatchIpProtocol(17 as short),
+ new MatchUdpDestinationPort(67 as short),
+ new MatchUdpSourcePort(68 as short),
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:A4"))
+ ]
+ priority = 63010
+ tableId = 211 as short
+ ],
+ new FlowEntityBuilder >> [
+ dpnId = 123bi
+ cookie = 110100480bi
+ flowId = "Egress_DHCP_Client_v6_123_987_0D:AA:D8:42:30:A4_Permit_"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionNxResubmit(17 as short)
+ ])
+ ]
+ matchInfoList = #[
+ new MatchEthernetType(34525L),
+ new MatchIpProtocol(17 as short),
+ new MatchUdpDestinationPort(547 as short),
+ new MatchUdpSourcePort(546 as short),
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress("0D:AA:D8:42:30:A4"))
+ ]
+ priority = 63010
+ tableId = 211 as short
]
]
}
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v4123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v4123_987_" + mac + "_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(67 as short),
new MatchUdpSourcePort(68 as short),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress(mac))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v6_123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v6_123_987_" + mac + "_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(547 as short),
new MatchUdpSourcePort(546 as short),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress(mac))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_ARP_123_987_" + mac
+ flowId = "Egress_ARP_123_987_" + mac + "10.0.0.1/32"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress(mac)),
+ new MatchEthernetSource(new MacAddress(mac)),
+ new MatchArpSpa(new Ipv4Prefix("10.0.0.1/32")),
new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
]
priority = 63010
import org.opendaylight.genius.mdsalutil.FlowEntityBuilder
import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions
import org.opendaylight.genius.mdsalutil.matches.MatchArpSha
+import org.opendaylight.genius.mdsalutil.matches.MatchArpSpa
+import org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType
import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv4
import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchRegister
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchTcpDestinationPort
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchUdpDestinationPort
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6
import org.opendaylight.genius.mdsalutil.matches.MatchMetadata
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v4123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v4123_987_" + mac + "_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(67 as short),
new MatchUdpSourcePort(68 as short),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress(mac))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_DHCP_Client_v6_123_987__Permit_"
+ flowId = "Egress_DHCP_Client_v6_123_987_" + mac + "_Permit_"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
new MatchIpProtocol(17 as short),
new MatchUdpDestinationPort(547 as short),
new MatchUdpSourcePort(546 as short),
- new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG)
+ new MatchMetadata(1085217976614912bi, MetaDataUtil.METADATA_MASK_LPORT_TAG),
+ new MatchEthernetSource(new MacAddress(mac))
]
priority = 63010
tableId = 211 as short
new FlowEntityBuilder >> [
dpnId = 123bi
cookie = 110100480bi
- flowId = "Egress_ARP_123_987_" + mac
+ flowId = "Egress_ARP_123_987_" + mac + "10.0.0.1/32"
flowName = "ACL"
instructionInfoList = #[
new InstructionApplyActions(#[
matchInfoList = #[
new MatchEthernetType(2054L),
new MatchArpSha(new MacAddress(mac)),
+ new MatchEthernetSource(new MacAddress(mac)),
+ new MatchArpSpa(new Ipv4Prefix("10.0.0.1/32")),
new MatchMetadata(1085217976614912bi, 1152920405095219200bi)
]
priority = 63010