import org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria;
import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
+import org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder;
import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
int lportTag, String portId, Action action, int write) {
programConntrackRecircRules(dpid, allowedAddresses, AclConstants.CT_STATE_UNTRACKED_PRIORITY,
"Recirc", portId, write );
+ programEgressConntrackDropRules(dpid, lportTag, write);
LOG.info("programEgressAclFixedConntrackRule : default connection tracking rule are added.");
}
+
+ /**
+ * Adds the rule to drop the unknown/invalid packets .
+ *
+ * @param dpId the dpId
+ * @param lportTag the lport tag
+ * @param priority the priority of the flow
+ * @param flowId the flowId
+ * @param conntrackState the conntrack state of the packets thats should be
+ * send
+ * @param conntrackMask the conntrack mask
+ * @param tableId table id
+ * @param addOrRemove whether to add or remove the flow
+ */
+ private void programConntrackDropRule(BigInteger dpId, int lportTag, Integer priority, String flowId,
+ int conntrackState, int conntrackMask, int addOrRemove) {
+ List<MatchInfoBase> matches = AclServiceOFFlowBuilder.addLPortTagMatches(lportTag, conntrackState,
+ conntrackMask);
+ List<InstructionInfo> instructions = AclServiceOFFlowBuilder.getDropInstructionInfo();
+
+ flowId = "Egress_Fixed_Conntrk_Drop" + dpId + "_" + lportTag + "_" + flowId;
+ syncFlow(dpId, NwConstants.EGRESS_ACL_FILTER_TABLE, flowId, priority, "ACL", 0, 0,
+ AclConstants.COOKIE_ACL_DROP_FLOW, matches, instructions, addOrRemove);
+ }
+
+ /**
+ * Adds the rules to drop the unknown/invalid packets .
+ *
+ * @param dpId the dpId
+ * @param lportTag the lport tag
+ * @param addOrRemove whether to add or remove the flow
+ */
+ private void programEgressConntrackDropRules(BigInteger dpId, int lportTag, int addOrRemove) {
+ programConntrackDropRule(dpId, lportTag, AclConstants.CT_STATE_TRACKED_NEW_DROP_PRIORITY, "Tracked_New",
+ AclConstants.TRACKED_NEW_CT_STATE, AclConstants.TRACKED_NEW_CT_STATE_MASK, addOrRemove);
+ programConntrackDropRule(dpId, lportTag, AclConstants.CT_STATE_TRACKED_INVALID_PRIORITY, "Tracked_Invalid",
+ AclConstants.TRACKED_INV_CT_STATE, AclConstants.TRACKED_INV_CT_STATE_MASK, addOrRemove);
+ }
}
import org.opendaylight.netvirt.aclservice.api.AclServiceManager.MatchCriteria;
import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
+import org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder;
import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
@Override
protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress,
List<AllowedAddressPairs> allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) {
- programIngressAclFixedConntrackRule(dpid, allowedAddresses, portId, action, addOrRemove);
+ programIngressAclFixedConntrackRule(dpid, lportTag, allowedAddresses, portId, action, addOrRemove);
}
@Override
* Programs the default connection tracking rules.
*
* @param dpid the dp id
+ * @param lportTag the lport tag
* @param allowedAddresses the allowed addresses
* @param portId the portId
* @param write whether to add or remove the flow.
*/
- private void programIngressAclFixedConntrackRule(BigInteger dpid, List<AllowedAddressPairs> allowedAddresses,
- String portId, Action action, int write) {
+ private void programIngressAclFixedConntrackRule(BigInteger dpid, int lportTag,
+ List<AllowedAddressPairs> allowedAddresses, String portId, Action action, int write) {
programConntrackRecircRules(dpid, allowedAddresses, AclConstants.CT_STATE_UNTRACKED_PRIORITY,
"Recirc",portId, write);
+ programIngressConntrackDropRules(dpid, lportTag, write);
LOG.info("programIngressAclFixedConntrackRule : default connection tracking rule are added.");
}
+
+ /**
+ * Adds the rule to drop the unknown/invalid packets .
+ *
+ * @param dpId the dpId
+ * @param lportTag the lport tag
+ * @param priority the priority of the flow
+ * @param flowId the flowId
+ * @param conntrackState the conntrack state of the packets thats should be
+ * send
+ * @param conntrackMask the conntrack mask
+ * @param tableId table id
+ * @param addOrRemove whether to add or remove the flow
+ */
+ private void programConntrackDropRule(BigInteger dpId, int lportTag, Integer priority, String flowId,
+ int conntrackState, int conntrackMask, int addOrRemove) {
+ List<MatchInfoBase> matches = AclServiceOFFlowBuilder.addLPortTagMatches(lportTag, conntrackState,
+ conntrackMask);
+ List<InstructionInfo> instructions = AclServiceOFFlowBuilder.getDropInstructionInfo();
+
+ flowId = "Ingress_Fixed_Conntrk_Drop" + dpId + "_" + lportTag + "_" + flowId;
+ syncFlow(dpId, NwConstants.INGRESS_ACL_FILTER_TABLE, flowId, priority, "ACL", 0, 0,
+ AclConstants.COOKIE_ACL_DROP_FLOW, matches, instructions, addOrRemove);
+ }
+
+ /**
+ * Adds the rules to drop the unknown/invalid packets .
+ *
+ * @param dpId the dpId
+ * @param lportTag the lport tag
+ * @param addOrRemove whether to add or remove the flow
+ */
+ private void programIngressConntrackDropRules(BigInteger dpId, int lportTag, int addOrRemove) {
+ programConntrackDropRule(dpId, lportTag, AclConstants.CT_STATE_TRACKED_NEW_DROP_PRIORITY, "Tracked_New",
+ AclConstants.TRACKED_NEW_CT_STATE, AclConstants.TRACKED_NEW_CT_STATE_MASK, addOrRemove);
+ programConntrackDropRule(dpId, lportTag, AclConstants.CT_STATE_TRACKED_INVALID_PRIORITY, "Tracked_Invalid",
+ AclConstants.TRACKED_INV_CT_STATE, AclConstants.TRACKED_INV_CT_STATE_MASK, addOrRemove);
+ }
}
dispatcherTableId, tableId, write );
programConntrackForwardRule(dpnId, AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY,"Tracked_Related", AclConstants
.TRACKED_REL_CT_STATE, AclConstants.TRACKED_REL_CT_STATE_MASK, dispatcherTableId, tableId, write );
- programConntrackDropRule(dpnId, AclConstants.CT_STATE_NEW_PRIORITY_DROP,"Tracked_New",
- AclConstants.TRACKED_NEW_CT_STATE, AclConstants.TRACKED_NEW_CT_STATE_MASK, tableId, write );
- programConntrackDropRule(dpnId, AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Tracked_Invalid",
- AclConstants.TRACKED_INV_CT_STATE, AclConstants.TRACKED_INV_CT_STATE_MASK, tableId, write );
-
}
/**
AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
}
- /**
- * Adds the rule to drop the unknown/invalid packets .
- *
- * @param dpId the dpId
- * @param priority the priority of the flow
- * @param flowId the flowId
- * @param conntrackState the conntrack state of the packets thats should be
- * send
- * @param conntrackMask the conntrack mask
- * @param tableId the table id
- * @param addOrRemove whether to add or remove the flow
- */
- private void programConntrackDropRule(BigInteger dpId, Integer priority, String flowId,
- int conntrackState, int conntrackMask, short tableId, int addOrRemove) {
- List<MatchInfoBase> matches = new ArrayList<>();
- matches.add(new NxMatchInfo(NxMatchFieldType.ct_state, new long[] {conntrackState, conntrackMask}));
-
- List<InstructionInfo> instructions = new ArrayList<>();
- List<ActionInfo> actionsInfos = new ArrayList<>();
- actionsInfos.add(new ActionDrop());
- instructions.add(new InstructionApplyActions(actionsInfos));
- flowId = "Fixed_Conntrk_NewDrop_" + dpId + "_" + flowId + tableId;
- syncFlow(dpId, tableId, flowId, priority, "ACL", 0, 0,
- AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove);
- }
-
/**
* Gets the dispatcher table resubmit instructions.
*
if (flowStats.getPriority().equals(AclConstants.CT_STATE_TRACKED_INVALID_PRIORITY)) {
portEgressBytesBuilder.setInvalidDropCount(flowStats.getByteCount().getValue());
portEgressPacketsBuilder.setInvalidDropCount(flowStats.getPacketCount().getValue());
- } else if (flowStats.getPriority().equals(AclConstants.CT_STATE_NEW_PRIORITY_DROP)) {
+ } else if (flowStats.getPriority().equals(AclConstants.CT_STATE_TRACKED_NEW_DROP_PRIORITY)) {
portEgressBytesBuilder.setDropCount(flowStats.getByteCount().getValue());
portEgressPacketsBuilder.setDropCount(flowStats.getPacketCount().getValue());
}
if (flowStats.getPriority().equals(AclConstants.CT_STATE_TRACKED_INVALID_PRIORITY)) {
portIngressBytesBuilder.setInvalidDropCount(flowStats.getByteCount().getValue());
portIngressPacketsBuilder.setInvalidDropCount(flowStats.getPacketCount().getValue());
- } else if (flowStats.getPriority().equals(AclConstants.CT_STATE_NEW_PRIORITY_DROP)) {
+ } else if (flowStats.getPriority().equals(AclConstants.CT_STATE_TRACKED_NEW_DROP_PRIORITY)) {
portIngressBytesBuilder.setDropCount(flowStats.getByteCount().getValue());
portIngressPacketsBuilder.setDropCount(flowStats.getPacketCount().getValue());
}
public static final Integer CT_STATE_TRACKED_EXIST_PRIORITY = 62020;
public static final Integer CT_STATE_TRACKED_INVALID_PRIORITY = 62015;
public static final Integer CT_STATE_TRACKED_NEW_PRIORITY = 62010;
- public static final Integer CT_STATE_NEW_PRIORITY_DROP = 50;
+ public static final Integer CT_STATE_TRACKED_NEW_DROP_PRIORITY = 50;
public static final short DHCP_CLIENT_PORT_IPV4 = 68;
public static final short DHCP_SERVER_PORT_IPV4 = 67;
import java.util.List;
import java.util.Map;
+import org.opendaylight.genius.mdsalutil.ActionInfo;
+import org.opendaylight.genius.mdsalutil.InstructionInfo;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
import org.opendaylight.genius.mdsalutil.NwConstants;
import org.opendaylight.genius.mdsalutil.NxMatchFieldType;
import org.opendaylight.genius.mdsalutil.NxMatchInfo;
+import org.opendaylight.genius.mdsalutil.actions.ActionDrop;
+import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv4;
import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6;
return flowMatches;
}
+ /** Adds LPort matches to the flow.
+ * @param lportTag lport tag
+ * @param conntrackState conntrack state to be used with matches
+ * @param conntrackMask conntrack mask to be used with matches
+ * @return list of matches
+ */
+ public static List<MatchInfoBase> addLPortTagMatches(int lportTag, int conntrackState, int conntrackMask) {
+ List<MatchInfoBase> matches = new ArrayList<>();
+ matches.add(AclServiceUtils.buildLPortTagMatch(lportTag));
+ matches.add(new NxMatchInfo(NxMatchFieldType.ct_state, new long[] {conntrackState, conntrackMask}));
+ return matches;
+ }
+
+ /** Returns drop instruction info.
+ * @return drop list of InstructionInfo objects
+ */
+ public static List<InstructionInfo> getDropInstructionInfo() {
+ List<InstructionInfo> instructions = new ArrayList<>();
+ List<ActionInfo> actionsInfos = new ArrayList<>();
+ actionsInfos.add(new ActionDrop());
+ instructions.add(new InstructionApplyActions(actionsInfos));
+ return instructions;
+ }
+
/**
* Converts port range into a set of masked port ranges.
*
LOG.info("getFlowStatistics rpc input = {}", input);
List<FlowAndStatisticsMapList> flowStatsList = new ArrayList<>();
- FlowAndStatisticsMapList portIngressFlowStats1 =
- buildFlowStats(NwConstants.EGRESS_ACL_FILTER_TABLE, AclConstants.CT_STATE_NEW_PRIORITY_DROP, 1, 5, 5);
+ FlowAndStatisticsMapList portIngressFlowStats1 = buildFlowStats(NwConstants.EGRESS_ACL_FILTER_TABLE,
+ AclConstants.CT_STATE_TRACKED_NEW_DROP_PRIORITY, 1, 5, 5);
FlowAndStatisticsMapList portIngressFlowStats2 = buildFlowStats(NwConstants.EGRESS_ACL_FILTER_TABLE,
AclConstants.CT_STATE_TRACKED_INVALID_PRIORITY, 1, 10, 10);
FlowAndStatisticsMapList portEgressFlowStats1 = buildFlowStats(NwConstants.INGRESS_ACL_FILTER_TABLE,
- AclConstants.CT_STATE_NEW_PRIORITY_DROP, 1, 15, 15);
+ AclConstants.CT_STATE_TRACKED_NEW_DROP_PRIORITY, 1, 15, 15);
FlowAndStatisticsMapList portEgressFlowStats2 = buildFlowStats(NwConstants.INGRESS_ACL_FILTER_TABLE,
AclConstants.CT_STATE_TRACKED_INVALID_PRIORITY, 1, 20, 20);
import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack
import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit
+import org.opendaylight.genius.mdsalutil.actions.ActionDrop
import org.opendaylight.genius.mdsalutil.FlowEntity
import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions
import org.opendaylight.genius.mdsalutil.matches.MatchArpSha
]
priority = 61010
tableId = 251 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Ingress_Fixed_Conntrk_Drop123_987_Tracked_New"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 33L,
+ 33L
+ ]
+ ]
+ ]
+ priority = 50
+ tableId = 41 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Ingress_Fixed_Conntrk_Drop123_987_Tracked_Invalid"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 48L,
+ 48L
+ ]
+ ]
+ ]
+ priority = 62015
+ tableId = 41 as short
]
]
}
]
priority = 61010
tableId = 40 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Egress_Fixed_Conntrk_Drop123_987_Tracked_New"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 33L,
+ 33L
+ ]
+ ]
+ ]
+ priority = 50
+ tableId = 252 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Egress_Fixed_Conntrk_Drop123_987_Tracked_Invalid"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 48L,
+ 48L
+ ]
+ ]
+ ]
+ priority = 62015
+ tableId = 252 as short
]
]
}
]
priority = 61010
tableId = 251 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Ingress_Fixed_Conntrk_Drop123_987_Tracked_New"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 33L,
+ 33L
+ ]
+ ]
+ ]
+ priority = 50
+ tableId = 41 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Ingress_Fixed_Conntrk_Drop123_987_Tracked_Invalid"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 48L,
+ 48L
+ ]
+ ]
+ ]
+ priority = 62015
+ tableId = 41 as short
]
]
}
]
priority = 61010
tableId = 40 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Egress_Fixed_Conntrk_Drop123_987_Tracked_New"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 33L,
+ 33L
+ ]
+ ]
+ ]
+ priority = 50
+ tableId = 252 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Egress_Fixed_Conntrk_Drop123_987_Tracked_Invalid"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 48L,
+ 48L
+ ]
+ ]
+ ]
+ priority = 62015
+ tableId = 252 as short
]
]
}
]
priority = 61010
tableId = 251 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Ingress_Fixed_Conntrk_Drop123_987_Tracked_New"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 33L,
+ 33L
+ ]
+ ]
+ ]
+ priority = 50
+ tableId = 41 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Ingress_Fixed_Conntrk_Drop123_987_Tracked_Invalid"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 48L,
+ 48L
+ ]
+ ]
+ ]
+ priority = 62015
+ tableId = 41 as short
]
]
-
}
static def fixedConntrackEgressFlowsPort3() {
]
priority = 61010
tableId = 40 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Egress_Fixed_Conntrk_Drop123_987_Tracked_New"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 33L,
+ 33L
+ ]
+ ]
+ ]
+ priority = 50
+ tableId = 252 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Egress_Fixed_Conntrk_Drop123_987_Tracked_Invalid"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 48L,
+ 48L
+ ]
+ ]
+ ]
+ priority = 62015
+ tableId = 252 as short
]
]
}
priority = 63010
tableId = 251 as short
],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Ingress_Fixed_Conntrk_Drop123_987_Tracked_New"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 33L,
+ 33L
+ ]
+ ]
+ ]
+ priority = 50
+ tableId = 41 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Ingress_Fixed_Conntrk_Drop123_987_Tracked_Invalid"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 48L,
+ 48L
+ ]
+ ]
+ ]
+ priority = 62015
+ tableId = 41 as short
+ ],
new FlowEntity(123bi) => [
cookie = 110100480bi
flowId = "Egress_DHCP_Client_v4123_987__Permit_"
]
priority = 63010
tableId = 40 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Egress_Fixed_Conntrk_Drop123_987_Tracked_New"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 33L,
+ 33L
+ ]
+ ]
+ ]
+ priority = 50
+ tableId = 252 as short
+ ],
+ new FlowEntity(123bi) => [
+ cookie = 110100481bi
+ flowId = "Egress_Fixed_Conntrk_Drop123_987_Tracked_Invalid"
+ flowName = "ACL"
+ instructionInfoList = #[
+ new InstructionApplyActions(#[
+ new ActionDrop()
+ ])
+ ]
+ matchInfoList = #[
+ new MatchMetadata(1085217976614912bi, 1152920405095219200bi),
+ new NxMatchInfoBuilder >> [
+ matchField = NxMatchFieldType.ct_state
+ matchValues = #[
+ 48L,
+ 48L
+ ]
+ ]
+ ]
+ priority = 62015
+ tableId = 252 as short
]
]
}