import org.opendaylight.controller.sal.binding.api.RpcProviderRegistry;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
+import org.opendaylight.netvirt.aclservice.listeners.AclNodeListener;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private RpcProviderRegistry rpcProviderRegistry;
private AclServiceManager aclServiceManager;
private AclInterfaceEventListener aclInterfaceEventListener;
+ private AclNodeListener aclNodeListener;
/**
* Set the rpc registery.
aclServiceManager.addAclServiceListner(new EgressAclServiceImpl(broker, interfaceService, mdsalManager));
aclInterfaceEventListener = new AclInterfaceEventListener(aclServiceManager, broker);
aclInterfaceEventListener.registerListener(LogicalDatastoreType.OPERATIONAL, broker);
+ aclNodeListener = new AclNodeListener(mdsalManager);
+ aclNodeListener.registerListener(LogicalDatastoreType.OPERATIONAL, broker);
LOG.info("ACL Service Initiated");
}
@Override
public void close() throws Exception {
+ aclInterfaceEventListener.close();
+ aclNodeListener.close();
+
LOG.info("ACL Service closed");
}
}
\ No newline at end of file
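Review bot: `close()` dereferences `aclInterfaceEventListener` and `aclNodeListener` unconditionally, so closing a provider whose initialisation never ran, or failed before the two assignments, throws a NullPointerException. An exception from the first `close()` also leaves the node listener registered. Guard both fields and close the second listener in a `finally`, as sketched below. The method that assigns the fields starts outside this hunk.

```java
@Override
public void close() throws Exception {
    try {
        if (aclInterfaceEventListener != null) {
            aclInterfaceEventListener.close();
        }
    } finally {
        // Always release the node listener, even if the first close() throws.
        if (aclNodeListener != null) {
            aclNodeListener.close();
        }
    }
    LOG.info("ACL Service closed");
}
```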
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceInputBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.GetDpidFromInterfaceOutput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceBindings;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceTypeFlowBased;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.StypeOpenflow;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.StypeOpenflowBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.ServicesInfo;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.ServicesInfoKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServicesKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
import org.opendaylight.yangtools.yang.binding.DataObject;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
new long[] { dscPort}));
return matches;
}
+
+ /**
+ * Builds the service id.
+ *
+ * @param interfaceName the interface name
+ * @param serviceIndex the service index
+ * @param serviceMode the service mode
+ * @return the instance identifier
+ */
+ public static InstanceIdentifier<BoundServices> buildServiceId(String interfaceName, short serviceIndex,
+ Class<? extends ServiceModeBase> serviceMode) {
+ return InstanceIdentifier.builder(ServiceBindings.class)
+ .child(ServicesInfo.class, new ServicesInfoKey(interfaceName, serviceMode))
+ .child(BoundServices.class, new BoundServicesKey(serviceIndex)).build();
+ }
+
+ /**
+ * Gets the bound services.
+ *
+ * @param serviceName the service name
+ * @param servicePriority the service priority
+ * @param flowPriority the flow priority
+ * @param cookie the cookie
+ * @param instructions the instructions
+ * @return the bound services
+ */
+ public static BoundServices getBoundServices(String serviceName, short servicePriority, int flowPriority,
+ BigInteger cookie, List<Instruction> instructions) {
+ StypeOpenflowBuilder augBuilder = new StypeOpenflowBuilder().setFlowCookie(cookie).setFlowPriority(flowPriority)
+ .setInstruction(instructions);
+ return new BoundServicesBuilder().setKey(new BoundServicesKey(servicePriority)).setServiceName(serviceName)
+ .setServicePriority(servicePriority).setServiceType(ServiceTypeFlowBased.class)
+ .addAugmentation(StypeOpenflow.class, augBuilder.build()).build();
+ }
}
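Review bot: `getBoundServices` keys the object with `new BoundServicesKey(servicePriority)` while `buildServiceId` keys the path with `new BoundServicesKey(serviceIndex)`, so the written entry only matches its path when callers pass the same number to both, which nothing here states or enforces. Use one parameter name in both methods or document the coupling, e.g. `@param servicePriority the service priority; also used as the BoundServices key, so it must equal the serviceIndex passed to buildServiceId`. The method constructs a new object rather than looking one up, so `Builds the bound services entry` would describe it better than `Gets the bound services`.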
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;
-
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.genius.mdsalutil.ActionInfo;
import org.opendaylight.genius.mdsalutil.ActionType;
import org.opendaylight.genius.mdsalutil.InstructionInfo;
import org.opendaylight.genius.mdsalutil.NxMatchInfo;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.netvirt.aclservice.api.AclServiceListener;
+import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeIngress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private static final Logger logger = LoggerFactory.getLogger(EgressAclServiceImpl.class);
- private IMdsalApiManager mdsalUtil;
- short tableIdInstall = 22;
- short tableIdNext = 23;
+ private IMdsalApiManager mdsalManager;
private OdlInterfaceRpcService interfaceManager;
private DataBroker dataBroker;
* Intilaze the member variables.
* @param dataBroker the data broker instance.
* @param interfaceManager the interface manager instance.
- * @param mdsalUtil the mdsal util instance.
+ * @param mdsalManager the mdsal manager instance.
*/
public EgressAclServiceImpl(DataBroker dataBroker, OdlInterfaceRpcService interfaceManager,
- IMdsalApiManager mdsalUtil) {
+ IMdsalApiManager mdsalManager) {
this.dataBroker = dataBroker;
this.interfaceManager = interfaceManager;
- this.mdsalUtil = mdsalUtil;
+ this.mdsalManager = mdsalManager;
}
@Override
interfaceState = AclServiceUtils.getInterfaceStateFromOperDS(dataBroker, port.getName());
String attachMac = interfaceState.getPhysAddress().getValue();
programFixedSecurityGroup(dpId, "", attachMac, NwConstants.ADD_FLOW);
+
+ // TODO: uncomment bindservice() when the acl flow programming is
+ // implemented
+ // bindService(port.getName());
return true;
}
interfaceState = AclServiceUtils.getInterfaceStateFromOperDS(dataBroker, port.getName());
String attachMac = interfaceState.getPhysAddress().getValue();
programFixedSecurityGroup(dpId, "", attachMac, NwConstants.DEL_FLOW);
+
+ // TODO: uncomment unbindService() when the acl flow programming is
+ // implemented
+ // unbindService(port.getName());
return true;
}
+ /**
+ * Bind service.
+ *
+ * @param interfaceName the interface name
+ */
+ private void bindService(String interfaceName) {
+ int flowPriority = AclConstants.EGRESS_ACL_DEFAULT_FLOW_PRIORITY;
+
+ int instructionKey = 0;
+ List<Instruction> instructions = new ArrayList<>();
+ instructions.add(MDSALUtil.buildAndGetGotoTableInstruction(AclConstants.EGRESS_ACL_TABLE_ID, ++instructionKey));
+ BoundServices serviceInfo = AclServiceUtils.getBoundServices(
+ String.format("%s.%s.%s", "vpn", "egressacl", interfaceName), AclConstants.EGRESS_ACL_SERVICE_PRIORITY,
+ flowPriority, AclServiceUtils.COOKIE_ACL_BASE, instructions);
+ InstanceIdentifier<BoundServices> path = AclServiceUtils.buildServiceId(interfaceName,
+ AclConstants.EGRESS_ACL_SERVICE_PRIORITY, ServiceModeIngress.class);
+ MDSALUtil.syncWrite(dataBroker, LogicalDatastoreType.CONFIGURATION, path, serviceInfo);
+ }
+
+ /**
+ * Unbind service.
+ *
+ * @param interfaceName the interface name
+ */
+ private void unbindService(String interfaceName) {
+ InstanceIdentifier<BoundServices> path = AclServiceUtils.buildServiceId(interfaceName,
+ AclConstants.EGRESS_ACL_SERVICE_PRIORITY, ServiceModeIngress.class);
+ MDSALUtil.syncDelete(dataBroker, LogicalDatastoreType.CONFIGURATION, path);
+ }
+
+ /**
+ * Gets the instructions for dispatcher table resubmit.
+ *
+ * @return the instructions for dispatcher table resubmit
+ */
+ private List<InstructionInfo> getInstructionsForDispatcherTableResubmit() {
+ List<InstructionInfo> instructions = new ArrayList<>();
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ actionsInfos.add(new ActionInfo(ActionType.nx_resubmit,
+ new String[] {Short.toString(NwConstants.LPORT_DISPATCHER_TABLE)}));
+ instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+ return instructions;
+ }
+
/**
* Program the default anti-spoofing rule and the conntrack rules.
+ *
* @param dpid the dpid
* @param dhcpMacAddress the dhcp mac address.
* @param attachMac The vm mac address
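Review bot: `bindService` in the egress ACL implementation binds with `ServiceModeIngress.class`, and the `bindService` hunk of the ingress implementation binds with `ServiceModeEgress.class`; nothing in either method says whether the inversion is intended. If it is (presumably the ACL direction is named from the VM's side and the service mode from the switch's side), say so above the `buildServiceId` call, e.g. `// Egress ACL = traffic leaving the VM, which the dispatcher handles in ingress service mode.` The service name is also built with a literal `"vpn"` prefix, which looks carried over from another module. `bindService`, `unbindService` and `getInstructionsForDispatcherTableResubmit` have no live caller in the visible hunks, since both call sites are commented out.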
actionsInfos.add(new ActionInfo(ActionType.drop_action,
new String[] {}));
String flowName = "Egress_DHCP_Server_v4" + dpId + "_" + attachMac + "_" + dhcpMacAddress + "_Drop_";
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.EGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
actionsInfos.add(new ActionInfo(ActionType.drop_action,
new String[] {}));
String flowName = "Egress_DHCP_Server_v4" + "_" + dpId + "_" + attachMac + "_" + dhcpMacAddress + "_Drop_";
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.EGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
instructions.add(new InstructionInfo(InstructionType.goto_table,
- new long[] { tableIdNext }));
+ new long[] { AclConstants.EGRESS_ACL_NEXT_TABLE_ID }));
String flowName = "Egress_DHCP_Client_v4" + dpId + "_" + attachMac + "_" + dhcpMacAddress + "_Permit_";
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.EGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
actionsInfos));
instructions.add(new InstructionInfo(InstructionType.goto_table,
- new long[] { tableIdNext }));
+ new long[] { AclConstants.EGRESS_ACL_NEXT_TABLE_ID }));
String flowName = "Egress_DHCP_Client_v4" + "_" + dpId + "_" + attachMac + "_" + dhcpMacAddress + "_Permit_";
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.EGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
private void programConntrackRecircRule(BigInteger dpId, String attachMac, Integer priority, String flowId,
int conntrackState, int conntrackMask, int addOrRemove) {
List<MatchInfoBase> matches = new ArrayList<>();
- matches.add((MatchInfoBase)new MatchInfo(MatchFieldType.eth_type,
+ matches.add(new MatchInfo(MatchFieldType.eth_type,
new long[] { NwConstants.ETHTYPE_IPV4 }));
- matches.add((MatchInfoBase)new NxMatchInfo(NxMatchFieldType.ct_state,
+ matches.add(new NxMatchInfo(NxMatchFieldType.ct_state,
new long[] {conntrackState, conntrackMask}));
matches.add(new MatchInfo(MatchFieldType.eth_src,
new String[] { attachMac }));
List<ActionInfo> actionsInfos = new ArrayList<>();
actionsInfos.add(new ActionInfo(ActionType.nx_conntrack,
- new String[] {"0", "0", "0", Short.toString(tableIdInstall)}, 2));
+ new String[] {"0", "0", "0", Short.toString(AclConstants.EGRESS_ACL_TABLE_ID)}, 2));
instructions.add(new InstructionInfo(InstructionType.apply_actions,
actionsInfos));
String flowName = "Egress_Fixed_Conntrk_Untrk_" + dpId + "_" + attachMac + "_" + flowId;
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.EGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
private void programConntrackForwardRule(BigInteger dpId, String attachMac, Integer priority, String flowId,
int conntrackState, int conntrackMask, int addOrRemove) {
List<MatchInfoBase> matches = new ArrayList<>();
- matches.add((MatchInfoBase)new MatchInfo(MatchFieldType.eth_type,
+ matches.add(new MatchInfo(MatchFieldType.eth_type,
new long[] { NwConstants.ETHTYPE_IPV4 }));
- matches.add((MatchInfoBase)new NxMatchInfo(NxMatchFieldType.ct_state,
+ matches.add(new NxMatchInfo(NxMatchFieldType.ct_state,
new long[] {conntrackState, conntrackMask}));
matches.add(new MatchInfo(MatchFieldType.eth_src,
new String[] { attachMac }));
new String[] {}));
instructions.add(new InstructionInfo(InstructionType.goto_table,
- new long[] { tableIdNext }));
+ new long[] { AclConstants.EGRESS_ACL_NEXT_TABLE_ID }));
String flowName = "Egress_Fixed_Conntrk_Untrk_" + dpId + "_" + attachMac + "_" + flowId;
- syncFlow(dpId, tableIdInstall, flowName, priority, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.EGRESS_ACL_TABLE_ID, flowName, priority, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
private void programConntrackDropRule(BigInteger dpId, String attachMac, Integer priority, String flowId,
int conntrackState, int conntrackMask, int addOrRemove) {
List<MatchInfoBase> matches = new ArrayList<>();
- matches.add((MatchInfoBase)new MatchInfo(MatchFieldType.eth_type,
+ matches.add(new MatchInfo(MatchFieldType.eth_type,
new long[] { NwConstants.ETHTYPE_IPV4 }));
- matches.add((MatchInfoBase)new NxMatchInfo(NxMatchFieldType.ct_state,
+ matches.add(new NxMatchInfo(NxMatchFieldType.ct_state,
new long[] { conntrackState, conntrackMask}));
matches.add(new MatchInfo(MatchFieldType.eth_src,
new String[] { attachMac }));
actionsInfos.add(new ActionInfo(ActionType.drop_action,
new String[] {}));
String flowName = "Egress_Fixed_Conntrk_NewDrop_" + dpId + "_" + attachMac + "_" + flowId;
- syncFlow(dpId, tableIdInstall, flowName, priority, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.EGRESS_ACL_TABLE_ID, flowName, priority, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
new String[] {}));
instructions.add(new InstructionInfo(InstructionType.goto_table,
- new long[] { tableIdNext }));
+ new long[] { AclConstants.EGRESS_ACL_NEXT_TABLE_ID }));
String flowName = "Egress_ARP_" + dpId + "_" + attachMac ;
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.EGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
int idleTimeOut, int hardTimeOut, BigInteger cookie, List<? extends MatchInfoBase> matches,
List<InstructionInfo> instructions, int addOrRemove) {
if (addOrRemove == NwConstants.DEL_FLOW) {
- MDSALUtil.buildFlowEntity(dpId, tableIdInstall,
- flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
- AclServiceUtils.COOKIE_ACL_BASE, matches, null);
+ MDSALUtil.buildFlowEntity(dpId, tableId, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ AclServiceUtils.COOKIE_ACL_BASE, matches, null);
logger.trace("Removing Acl Flow DpId {}, vmMacAddress {}", dpId, flowId);
// TODO Need to be done as a part of genius integration
//mdsalUtil.removeFlow(flowEntity);
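Review bot: The DEL_FLOW branch builds a `FlowEntity` and discards it while the removal call stays commented out, so deleting a port leaves its ACL flows, including the permit entries, installed on the switch. The rewritten call also passes `0, 0` and `AclServiceUtils.COOKIE_ACL_BASE` rather than the `idleTimeOut`, `hardTimeOut` and `cookie` parameters, and the commented line still names the old field `mdsalUtil`. When removal is enabled it should read `FlowEntity flowEntity = MDSALUtil.buildFlowEntity(...);` followed by `mdsalManager.removeFlow(flowEntity);`. The `syncFlow` hunk of the ingress implementation has the same discarded entity and stale field name; `syncFlow` starts and ends outside this hunk.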
import java.util.ArrayList;
import java.util.List;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.genius.mdsalutil.ActionInfo;
import org.opendaylight.genius.mdsalutil.ActionType;
import org.opendaylight.genius.mdsalutil.InstructionInfo;
import org.opendaylight.genius.mdsalutil.NxMatchInfo;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.netvirt.aclservice.api.AclServiceListener;
+import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private static final Logger logger = LoggerFactory.getLogger(IngressAclServiceImpl.class);
- private IMdsalApiManager mdsalUtil;
- short tableIdInstall = 20;
- short tableIdNext = 21;
+ private IMdsalApiManager mdsalManager;
private OdlInterfaceRpcService interfaceManager;
private DataBroker dataBroker;
* Intilaze the member variables.
* @param dataBroker the data broker instance.
* @param interfaceManager the interface manager instance.
- * @param mdsalUtil the mdsal util instance.
+ * @param mdsalManager the mdsal manager.
*/
public IngressAclServiceImpl(DataBroker dataBroker, OdlInterfaceRpcService interfaceManager,
- IMdsalApiManager mdsalUtil) {
+ IMdsalApiManager mdsalManager) {
this.dataBroker = dataBroker;
this.interfaceManager = interfaceManager;
- this.mdsalUtil = mdsalUtil;
+ this.mdsalManager = mdsalManager;
}
@Override
interfaceState = AclServiceUtils.getInterfaceStateFromOperDS(dataBroker, port.getName());
String attachMac = interfaceState.getPhysAddress().getValue();
programFixedSecurityGroup(dpId, "", attachMac, NwConstants.ADD_FLOW);
+
+ // TODO: uncomment bindservice() when interface mgr supports egress
+ // service binding also when acl flow programming is implemented
+ // bindService(port.getName());
return true;
}
interfaceState = AclServiceUtils.getInterfaceStateFromOperDS(dataBroker, port.getName());
String attachMac = interfaceState.getPhysAddress().getValue();
programFixedSecurityGroup(dpId, "", attachMac, NwConstants.DEL_FLOW);
+
+ // TODO: uncomment bindservice() when interface mgr supports egress
+ // service binding also when acl flow programming is implemented
+ // unbindService(port.getName());
return true;
}
+ /**
+ * Bind service.
+ *
+ * @param interfaceName the interface name
+ */
+ private void bindService(String interfaceName) {
+ int flowPriority = AclConstants.INGRESS_ACL_DEFAULT_FLOW_PRIORITY;
+
+ int instructionKey = 0;
+ List<Instruction> instructions = new ArrayList<>();
+ instructions
+ .add(MDSALUtil.buildAndGetGotoTableInstruction(AclConstants.INGRESS_ACL_TABLE_ID, ++instructionKey));
+ BoundServices serviceInfo = AclServiceUtils.getBoundServices(
+ String.format("%s.%s.%s", "vpn", "ingressacl", interfaceName),
+ AclConstants.INGRESS_ACL_SERVICE_PRIORITY, flowPriority, AclServiceUtils.COOKIE_ACL_BASE, instructions);
+ InstanceIdentifier<BoundServices> path = AclServiceUtils.buildServiceId(interfaceName,
+ AclConstants.INGRESS_ACL_SERVICE_PRIORITY, ServiceModeEgress.class);
+ MDSALUtil.syncWrite(dataBroker, LogicalDatastoreType.CONFIGURATION, path, serviceInfo);
+ }
+
+ /**
+ * Unbind service.
+ *
+ * @param interfaceName the interface name
+ */
+ private void unbindService(String interfaceName) {
+ InstanceIdentifier<BoundServices> path = AclServiceUtils.buildServiceId(interfaceName,
+ AclConstants.INGRESS_ACL_SERVICE_PRIORITY, ServiceModeEgress.class);
+ MDSALUtil.syncDelete(dataBroker, LogicalDatastoreType.CONFIGURATION, path);
+ }
+
/**
* Program the default anti-spoofing rule and the conntrack rules.
+ *
* @param dpid the dpid
* @param dhcpMacAddress the dhcp mac address.
* @param attachMac The vm mac address
instructions.add(new InstructionInfo(InstructionType.goto_table,
- new long[] { tableIdNext }));
+ new long[] { AclConstants.INGRESS_ACL_NEXT_TABLE_ID }));
String flowName = "Ingress_DHCP_Server_v4" + dpId + "_" + attachMac + "_" + dhcpMacAddress + "_Permit_";
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.INGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
actionsInfos));
instructions.add(new InstructionInfo(InstructionType.goto_table,
- new long[] { tableIdNext }));
+ new long[] { AclConstants.INGRESS_ACL_NEXT_TABLE_ID }));
String flowName = "Ingress_DHCP_Server_v6" + "_" + dpId + "_" + attachMac + "_" + "_"
+ dhcpMacAddress + "_Permit_";
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.INGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
private void programConntrackRecircRule(BigInteger dpId, String attachMac, Integer priority, String flowId,
int conntrackState, int conntrackMask, int addOrRemove) {
List<MatchInfoBase> matches = new ArrayList<>();
- matches.add((MatchInfoBase)new MatchInfo(MatchFieldType.eth_type,
+ matches.add(new MatchInfo(MatchFieldType.eth_type,
new long[] { NwConstants.ETHTYPE_IPV4 }));
- matches.add((MatchInfoBase)new NxMatchInfo(NxMatchFieldType.ct_state,
+ matches.add(new NxMatchInfo(NxMatchFieldType.ct_state,
new long[] {conntrackState, conntrackMask}));
matches.add(new MatchInfo(MatchFieldType.eth_src,
new String[] { attachMac }));
List<ActionInfo> actionsInfos = new ArrayList<>();
actionsInfos.add(new ActionInfo(ActionType.nx_conntrack,
- new String[] {"0", "0", "0", Short.toString(tableIdInstall)}, 2));
+ new String[] {"0", "0", "0", Short.toString(AclConstants.INGRESS_ACL_TABLE_ID)}, 2));
instructions.add(new InstructionInfo(InstructionType.apply_actions,
actionsInfos));
String flowName = "Ingress_Fixed_Conntrk_Untrk_" + dpId + "_" + attachMac + "_" + flowId;
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.INGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
int conntrackState,
int conntrackMask, int addOrRemove) {
List<MatchInfoBase> matches = new ArrayList<>();
- matches.add((MatchInfoBase)new MatchInfo(MatchFieldType.eth_type,
+ matches.add(new MatchInfo(MatchFieldType.eth_type,
new long[] { NwConstants.ETHTYPE_IPV4 }));
- matches.add((MatchInfoBase)new NxMatchInfo(NxMatchFieldType.ct_state,
+ matches.add(new NxMatchInfo(NxMatchFieldType.ct_state,
new long[] {conntrackState, conntrackMask}));
matches.add(new MatchInfo(MatchFieldType.eth_src,
new String[] { attachMac }));
new String[] {}));
instructions.add(new InstructionInfo(InstructionType.goto_table,
- new long[] { tableIdNext }));
+ new long[] { AclConstants.INGRESS_ACL_NEXT_TABLE_ID }));
String flowName = "Ingress_Fixed_Conntrk_Untrk_" + dpId + "_" + attachMac + "_" + flowId;
- syncFlow(dpId, tableIdInstall, flowName, priority, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.INGRESS_ACL_TABLE_ID, flowName, priority, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
private void programConntrackDropRule(BigInteger dpId, String attachMac, Integer priority, String flowId,
int conntrackState, int conntrackMask, int addOrRemove) {
List<MatchInfoBase> matches = new ArrayList<>();
- matches.add((MatchInfoBase)new MatchInfo(MatchFieldType.eth_type,
+ matches.add(new MatchInfo(MatchFieldType.eth_type,
new long[] { NwConstants.ETHTYPE_IPV4 }));
- matches.add((MatchInfoBase)new NxMatchInfo(NxMatchFieldType.ct_state,
+ matches.add(new NxMatchInfo(NxMatchFieldType.ct_state,
new long[] { conntrackState, conntrackMask}));
matches.add(new MatchInfo(MatchFieldType.eth_src,
new String[] { attachMac }));
actionsInfos.add(new ActionInfo(ActionType.drop_action,
new String[] {}));
String flowName = "Ingress_Fixed_Conntrk_NewDrop_" + dpId + "_" + attachMac + "_" + flowId;
- syncFlow(dpId, tableIdInstall, flowName, priority, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.INGRESS_ACL_TABLE_ID, flowName, priority, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
new String[] {}));
instructions.add(new InstructionInfo(InstructionType.goto_table,
- new long[] { tableIdNext }));
+ new long[] { AclConstants.INGRESS_ACL_NEXT_TABLE_ID }));
String flowName = "Ingress_ARP_" + dpId + "_" + attachMac;
- syncFlow(dpId, tableIdInstall, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
+ syncFlow(dpId, AclConstants.INGRESS_ACL_TABLE_ID, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", 0, 0,
AclServiceUtils.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
int idleTimeOut, int hardTimeOut, BigInteger cookie, List<? extends MatchInfoBase> matches,
List<InstructionInfo> instructions, int addOrRemove) {
if (addOrRemove == NwConstants.DEL_FLOW) {
- MDSALUtil.buildFlowEntity(dpId, tableIdInstall,
- flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", idleTimeOut, hardTimeOut,
- AclServiceUtils.COOKIE_ACL_BASE, matches, null);
+ MDSALUtil.buildFlowEntity(dpId, tableId, flowName, AclServiceUtils.PROTO_MATCH_PRIORITY, "ACL", idleTimeOut,
+ hardTimeOut, AclServiceUtils.COOKIE_ACL_BASE, matches, null);
logger.trace("Removing Acl Flow DpId {}, vmMacAddress {}", dpId, flowId);
// TODO Need to be done as a part of genius integration
// mdsalUtil.removeFlow(flowEntity);
--- /dev/null
+/*
+ * Copyright (c) 2016 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.netvirt.aclservice.listeners;
+
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.List;
+import org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase;
+import org.opendaylight.genius.mdsalutil.ActionInfo;
+import org.opendaylight.genius.mdsalutil.ActionType;
+import org.opendaylight.genius.mdsalutil.FlowEntity;
+import org.opendaylight.genius.mdsalutil.InstructionInfo;
+import org.opendaylight.genius.mdsalutil.InstructionType;
+import org.opendaylight.genius.mdsalutil.MDSALUtil;
+import org.opendaylight.genius.mdsalutil.MatchInfo;
+import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
+import org.opendaylight.netvirt.aclservice.AclServiceUtils;
+import org.opendaylight.netvirt.aclservice.utils.AclConstants;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowCapableNode;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.Nodes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeKey;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Listener to handle flow capable node updates.
+ */
+public class AclNodeListener extends AsyncDataTreeChangeListenerBase<FlowCapableNode, AclNodeListener>
+ implements AutoCloseable {
+
+ /** The Constant LOG. */
+ private static final Logger LOG = LoggerFactory.getLogger(AclNodeListener.class);
+
+ /** The mdsal manager. */
+ private IMdsalApiManager mdsalManager;
+
+ /**
+ * Instantiates a new acl node listener.
+ *
+ * @param mdsalManager the mdsal manager
+ */
+ public AclNodeListener(final IMdsalApiManager mdsalManager) {
+ super(FlowCapableNode.class, AclNodeListener.class);
+
+ this.mdsalManager = mdsalManager;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
+ * getWildCardPath()
+ */
+ @Override
+ protected InstanceIdentifier<FlowCapableNode> getWildCardPath() {
+ return InstanceIdentifier.create(Nodes.class).child(Node.class).augmentation(FlowCapableNode.class);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
+ * remove(org.opendaylight.yangtools.yang.binding.InstanceIdentifier,
+ * org.opendaylight.yangtools.yang.binding.DataObject)
+ */
+ @Override
+ protected void remove(InstanceIdentifier<FlowCapableNode> key, FlowCapableNode dataObjectModification) {
+ // do nothing
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
+ * update(org.opendaylight.yangtools.yang.binding.InstanceIdentifier,
+ * org.opendaylight.yangtools.yang.binding.DataObject,
+ * org.opendaylight.yangtools.yang.binding.DataObject)
+ */
+ @Override
+ protected void update(InstanceIdentifier<FlowCapableNode> key, FlowCapableNode dataObjectModificationBefore,
+ FlowCapableNode dataObjectModificationAfter) {
+ // do nothing
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
+ * add(org.opendaylight.yangtools.yang.binding.InstanceIdentifier,
+ * org.opendaylight.yangtools.yang.binding.DataObject)
+ */
+ @Override
+ protected void add(InstanceIdentifier<FlowCapableNode> key, FlowCapableNode dataObjectModification) {
+ LOG.trace("FlowCapableNode Added: key: {}", key);
+
+ NodeKey nodeKey = key.firstKeyOf(Node.class);
+ BigInteger dpnId = MDSALUtil.getDpnIdFromNodeName(nodeKey.getId());
+ createTableMissEntries(dpnId);
+ }
+
+ /**
+ * Creates the table miss entries.
+ *
+ * @param dpnId the dpn id
+ */
+ private void createTableMissEntries(BigInteger dpnId) {
+ addIngressAclTableMissFlow(dpnId);
+ addEgressAclTableMissFlow(dpnId);
+ }
+
+ /**
+ * Adds the ingress acl table miss flow.
+ *
+ * @param dpId the dp id
+ */
+ private void addIngressAclTableMissFlow(BigInteger dpId) {
+ List<MatchInfo> mkMatches = new ArrayList<>();
+ List<InstructionInfo> mkInstructions = new ArrayList<>();
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ actionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {}));
+ mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, AclConstants.INGRESS_ACL_TABLE_ID,
+ getTableMissFlowId(AclConstants.INGRESS_ACL_TABLE_ID), 0, "Ingress ACL Table Miss Flow", 0, 0,
+ AclServiceUtils.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+ mdsalManager.installFlow(flowEntity);
+
+ FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, AclConstants.INGRESS_ACL_NEXT_TABLE_ID,
+ getTableMissFlowId(AclConstants.INGRESS_ACL_NEXT_TABLE_ID), 0, "Ingress ACL Table Miss Flow", 0, 0,
+ AclServiceUtils.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+ mdsalManager.installFlow(nextTblFlowEntity);
+
+ LOG.debug("Added Ingress ACL Table Miss Flows for dpn {}", dpId);
+ }
+
+ /**
+ * Adds the egress acl table miss flow.
+ *
+ * @param dpId the dp id
+ */
+ private void addEgressAclTableMissFlow(BigInteger dpId) {
+ List<MatchInfo> mkMatches = new ArrayList<>();
+ List<InstructionInfo> mkInstructions = new ArrayList<>();
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ actionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {}));
+ mkInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
+
+ FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, AclConstants.EGRESS_ACL_TABLE_ID,
+ getTableMissFlowId(AclConstants.EGRESS_ACL_TABLE_ID), 0, "Egress ACL Table Miss Flow", 0, 0,
+ AclServiceUtils.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+ mdsalManager.installFlow(flowEntity);
+
+ FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, AclConstants.EGRESS_ACL_NEXT_TABLE_ID,
+ getTableMissFlowId(AclConstants.EGRESS_ACL_NEXT_TABLE_ID), 0, "Egress ACL Table Miss Flow", 0, 0,
+ AclServiceUtils.COOKIE_ACL_BASE, mkMatches, mkInstructions);
+ mdsalManager.installFlow(nextTblFlowEntity);
+
+ LOG.debug("Added Egress ACL Table Miss Flows for dpn {}", dpId);
+ }
+
+ /**
+ * Gets the table miss flow id.
+ *
+ * @param tableId the table id
+ * @return the table miss flow id
+ */
+ private String getTableMissFlowId(short tableId) {
+ return String.valueOf(tableId);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase#
+ * getDataTreeChangeListener()
+ */
+ @Override
+ protected AclNodeListener getDataTreeChangeListener() {
+ return AclNodeListener.this;
+ }
+}
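Review bot: The class Javadoc does not say that the table-miss entries are a default-deny, nor that they are also installed in the *next* tables that the fixed permit rules `goto_table` into. As far as this commit shows, the priority-0 match-all drop is the only flow in `INGRESS_ACL_NEXT_TABLE_ID` and `EGRESS_ACL_NEXT_TABLE_ID`, so anything the fixed rules permit is then dropped unless rule flows for those tables are programmed elsewhere. Document the intent on `createTableMissEntries`, e.g. `Installs a priority-0 match-all drop in each ACL table and its next table, so traffic not matched by an ACL flow is denied by default.` It would also help to state on `remove` and `update` why doing nothing is correct, and to give the next-table entries their own description instead of reusing `"Ingress ACL Table Miss Flow"` and `"Egress ACL Table Miss Flow"`.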
--- /dev/null
+/*
+ * Copyright (c) 2016 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.netvirt.aclservice.utils;
+
+/**
+ * The class to have ACL related constants.
+ */
+public final class AclConstants {
+
+ // TODO: Move all service related constants across all modules to a common
+ // place
+ public static final short EGRESS_ACL_TABLE_ID = 40;
+ public static final short EGRESS_ACL_NEXT_TABLE_ID = 41;
+ public static final short EGRESS_ACL_SERVICE_PRIORITY = 2;
+ public static final short EGRESS_ACL_DEFAULT_FLOW_PRIORITY = 11;
+
+ public static final short INGRESS_ACL_TABLE_ID = 251;
+ public static final short INGRESS_ACL_NEXT_TABLE_ID = 252;
+ public static final short INGRESS_ACL_SERVICE_PRIORITY = 10;
+ public static final short INGRESS_ACL_DEFAULT_FLOW_PRIORITY = 1;
+}
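Review bot: `AclConstants` is a constants holder with no private constructor, so it can still be instantiated; add `private AclConstants() { }`. `EGRESS_ACL_SERVICE_PRIORITY` and `INGRESS_ACL_SERVICE_PRIORITY` share a number space with `ELAN_SERVICE_INDEX` and `L3VPN_SERVICE_IDENTIFIER`, which this commit renumbers in other files, so a comment on the two ACL values listing the indices already taken would make a future collision visible. The two `*_DEFAULT_FLOW_PRIORITY` constants are declared `short` but read into `int flowPriority` in `bindService`; declaring them `int` would match their use.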
public static final short ELAN_SMAC_TABLE = 50;
public static final short ELAN_DMAC_TABLE = 51;
public static final short ELAN_UNKNOWN_DMAC_TABLE = 52;
- public static final short ELAN_SERVICE_INDEX = 3;
+ public static final short ELAN_SERVICE_INDEX = 4;
public static final int ELAN_SERVICE_PRIORITY = 5;
public static final int STATIC_MAC_TIMEOUT = 0;
public static final long DELAY_TIME_IN_MILLISECOND = 5000;
public static final long VPN_IDPOOL_START = 100L;
public static final String VPN_IDPOOL_SIZE = "100000";
public static final short DEFAULT_FLOW_PRIORITY = 10;
- public static final short L3VPN_SERVICE_IDENTIFIER = 2;
+ public static final short L3VPN_SERVICE_IDENTIFIER = 3;
public static final long INVALID_ID = -1;
public static final String SEPARATOR = ".";
public static final BigInteger COOKIE_VM_INGRESS_TABLE = new BigInteger("8000001", 16);