From b974849cdfb6da327acbd72fdc7e22397b4f3d54 Mon Sep 17 00:00:00 2001 From: Slava Date: Mon, 22 Aug 2016 09:19:55 +0300 Subject: [PATCH] Learn Security Groups bug fixes Change-Id: I0d0b93847520b349c9e5c6a1ef05d6ddce62adb6 Signed-off-by: Slava --- .../aclservice/AbstractAclServiceImpl.java | 27 ++++++++-- .../aclservice/AclServiceManagerImpl.java | 2 + .../aclservice/EgressAclServiceImpl.java | 27 ++++++++-- .../aclservice/IngressAclServiceImpl.java | 24 +++++++-- .../aclservice/LearnEgressAclServiceImpl.java | 45 ++--------------- .../LearnIngressAclServiceImpl.java | 49 +++---------------- .../StatelessEgressAclServiceImpl.java | 5 +- .../StatelessIngressAclServiceImpl.java | 5 +- .../TransparentEgressAclServiceImpl.java | 6 +-- .../TransparentIngressAclServiceImpl.java | 5 +- .../aclservice/utils/AclConstants.java | 1 + .../LearnEgressAclServiceImplTest.java | 22 ++++----- .../StatelessEgressAclServiceImplTest.java | 20 ++++---- .../StatelessIngressAclServiceImplTest.java | 20 ++++---- 14 files changed, 121 insertions(+), 137 deletions(-) diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.java index a7be27b23a..099d155f69 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.java @@ -11,6 +11,7 @@ import java.math.BigInteger; import java.util.ArrayList; import java.util.List; import java.util.Set; + import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.genius.mdsalutil.ActionInfo; import org.opendaylight.genius.mdsalutil.ActionType; 
@@ -157,7 +158,8 @@ public abstract class AbstractAclServiceImpl implements AclServiceListener { private void programAclWithAllowedAddress(BigInteger dpId, List allowedAddresses, int lportTag, List aclUuidList, Action action, int addOrRemove, String portId) { - programFixedRules(dpId, "", allowedAddresses, lportTag, portId, action, addOrRemove); + programGeneralFixedRules(dpId, "", allowedAddresses, lportTag, action, addOrRemove); + programSpecificFixedRules(dpId, "", allowedAddresses, lportTag, portId, action, addOrRemove); if (action == Action.ADD || action == Action.REMOVE) { programAclRules(aclUuidList, dpId, lportTag, addOrRemove, portId); } @@ -216,17 +218,30 @@ public abstract class AbstractAclServiceImpl implements AclServiceListener { protected abstract void unbindService(String interfaceName); /** - * Program the default anti-spoofing rule and the conntrack rules. + * Program the default anti-spoofing rules. + * + * @param dpid the dpid + * @param dhcpMacAddress the dhcp mac address. + * @param allowedAddresses the allowed addresses + * @param lportTag the lport tag + * @param action add/modify/remove action + * @param addOrRemove addorRemove + */ + protected abstract void programGeneralFixedRules(BigInteger dpid, String dhcpMacAddress, + List allowedAddresses, int lportTag, Action action, int addOrRemove); + + /** + * Program the default specific rules. * * @param dpid the dpid * @param dhcpMacAddress the dhcp mac address. * @param allowedAddresses the allowed addresses * @param lportTag the lport tag - * @param portId the portId + * @param portId the port id * @param action add/modify/remove action * @param addOrRemove addorRemove */ - protected abstract void programFixedRules(BigInteger dpid, String dhcpMacAddress, + protected abstract void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, List allowedAddresses, int lportTag, String portId, Action action, int addOrRemove); /** 
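Review bot: The Javadoc for the two new abstract hooks does not say what separates them; `Program the default specific rules.` gives an implementer no way to tell which rules belong in `programSpecificFixedRules` and which in `programGeneralFixedRules`. Judging from the subclasses in this patch, the general hook carries the DHCP/ICMPv6/ARP anti-spoofing rules shared by every mode, and the specific hook carries the conntrack rules and is empty in the learn, stateless and transparent variants. I would reword the summary to `Program the mode-specific fixed rules (conntrack in the stateful implementation); may be a no-op.` and replace `@param addOrRemove addorRemove` with `@param addOrRemove whether to add or delete the flows`. A one-line comment in each empty override saying it is intentionally empty would help for the same reason.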
@@ -236,6 +251,7 @@ public abstract class AbstractAclServiceImpl implements AclServiceListener { * @param dpId the dpId * @param lportTag the lport tag * @param addOrRemove whether to delete or add flow + * @param portId the port id * @return program succeeded */ protected abstract boolean programAclRules(List aclUuidList, BigInteger dpId, int lportTag, int addOrRemove, @@ -248,6 +264,8 @@ public abstract class AbstractAclServiceImpl implements AclServiceListener { * @param lportTag the lport tag * @param addOrRemove whether to delete or add flow * @param ace rule to be program + * @param portId the port id + * @param syncAllowedAddresses the allowed addresses */ protected abstract void programAceRule(BigInteger dpId, int lportTag, int addOrRemove, Ace ace, String portId, List syncAllowedAddresses); @@ -330,4 +348,5 @@ public abstract class AbstractAclServiceImpl implements AclServiceListener { } return oper; } + } diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AclServiceManagerImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AclServiceManagerImpl.java index 0b97ca8c62..5c010bf7a8 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AclServiceManagerImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/AclServiceManagerImpl.java @@ -25,6 +25,8 @@ public class AclServiceManagerImpl implements AclServiceManager { /** * Initialize the ACL service listener list. + * @param ingressAclService ingress acl service + * @param egressAclService egress acl service */ public AclServiceManagerImpl(final IngressAclServiceImpl ingressAclService, final EgressAclServiceImpl egressAclService) { 
diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/EgressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/EgressAclServiceImpl.java index cb695c4bc3..574ef22ac5 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/EgressAclServiceImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/EgressAclServiceImpl.java @@ -105,9 +105,24 @@ public class EgressAclServiceImpl extends AbstractAclServiceImpl { MDSALUtil.syncDelete(dataBroker, LogicalDatastoreType.CONFIGURATION, path); } + /** + * Program conntrack rules. + * + * @param dpid the dpid + * @param dhcpMacAddress the dhcp mac address. + * @param allowedAddresses the allowed addresses + * @param lportTag the lport tag + * @param addOrRemove addorRemove + */ @Override - protected void programFixedRules(BigInteger dpid, String dhcpMacAddress, + protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, List allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) { + programEgressAclFixedConntrackRule(dpid, allowedAddresses, lportTag, portId, action, addOrRemove); + } + + @Override + protected void programGeneralFixedRules(BigInteger dpid, String dhcpMacAddress, + List allowedAddresses, int lportTag, Action action, int addOrRemove) { LOG.info("programFixedRules : adding default rules."); if (action == Action.ADD || action == Action.REMOVE) { @@ -119,7 +134,6 @@ public class EgressAclServiceImpl extends AbstractAclServiceImpl { egressAclIcmpv6DropRouterAdvts(dpid, lportTag, addOrRemove); } programArpRule(dpid, allowedAddresses, lportTag, addOrRemove); - programEgressAclFixedConntrackRule(dpid, allowedAddresses, lportTag, portId, action, addOrRemove); } @Override 
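Review bot: The Javadoc added above `programSpecificFixedRules` omits two of the method's parameters, `portId` and `action`, and `programGeneralFixedRules` has no comment of its own. The unchanged log call inside `programGeneralFixedRules` still reads `"programFixedRules : adding default rules."`, which names a method that no longer exists and says "adding" on the REMOVE path as well. I would add `@param portId the port id` and `@param action add/modify/remove action`, and change the log line to `LOG.info("programGeneralFixedRules : programming default rules, action={}", action);`. The same two points apply to the matching hunks in IngressAclServiceImpl.java.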
@@ -200,7 +214,8 @@ public class EgressAclServiceImpl extends AbstractAclServiceImpl { List actionsInfos = new ArrayList<>(); actionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {})); String flowName = "Egress_DHCP_Server_v4" + dpId + "_" + lportTag + "_" + dhcpMacAddress + "_Drop_"; - syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName, AclConstants.PROTO_MATCH_PRIORITY, "ACL", 0, + syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName, + AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove); } @@ -221,7 +236,8 @@ public class EgressAclServiceImpl extends AbstractAclServiceImpl { List actionsInfos = new ArrayList<>(); actionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {})); String flowName = "Egress_DHCP_Server_v6" + "_" + dpId + "_" + lportTag + "_" + dhcpMacAddress + "_Drop_"; - syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName, AclConstants.PROTO_MATCH_PRIORITY, "ACL", 0, + syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName, + AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove); } @@ -366,7 +382,8 @@ public class EgressAclServiceImpl extends AbstractAclServiceImpl { List instructions = getDispatcherTableResubmitInstructions(new ArrayList<>()); String flowName = "Egress_ARP_" + dpId + "_" + attachMac; - syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName, AclConstants.PROTO_MATCH_PRIORITY, "ACL", 0, 0, + syncFlow(dpId, NwConstants.INGRESS_ACL_TABLE, flowName, + AclConstants.PROTO_ARP_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove); } } diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/IngressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/IngressAclServiceImpl.java index ad71afe3fa..7c2ff2d973 100644 
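Review bot: The two DHCP server drop flows (`Egress_DHCP_Server_v4…_Drop_` and `Egress_DHCP_Server_v6…_Drop_`) are now installed at `AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY`, although AclConstants already defines `PROTO_DHCP_SERVER_MATCH_PRIORITY` for server traffic. Both constants are 63010 today, so behaviour is unchanged. If the client priority is ever tuned, though, the rule that stops a VM from acting as a DHCP server moves with it silently. I would pass `AclConstants.PROTO_DHCP_SERVER_MATCH_PRIORITY` in both `syncFlow` calls, or add a comment saying the drop rule must share the client rule's priority. The enclosing methods start outside these hunks.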
--- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/IngressAclServiceImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/IngressAclServiceImpl.java @@ -11,6 +11,7 @@ import java.math.BigInteger; import java.util.ArrayList; import java.util.List; import java.util.Map; + import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType; import org.opendaylight.genius.mdsalutil.ActionInfo; @@ -101,9 +102,24 @@ public class IngressAclServiceImpl extends AbstractAclServiceImpl { MDSALUtil.syncDelete(dataBroker, LogicalDatastoreType.CONFIGURATION, path); } + /** + * Program conntrack rules. + * + * @param dpid the dpid + * @param dhcpMacAddress the dhcp mac address. + * @param allowedAddresses the allowed addresses + * @param lportTag the lport tag + * @param addOrRemove add or remove the flow + */ @Override - protected void programFixedRules(BigInteger dpid, String dhcpMacAddress, List allowedAddresses, - int lportTag, String portId, Action action, int addOrRemove) { + protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, + List allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) { + programIngressAclFixedConntrackRule(dpid, allowedAddresses, portId, action, addOrRemove); + } + + @Override + protected void programGeneralFixedRules(BigInteger dpid, String dhcpMacAddress, + List allowedAddresses, int lportTag, Action action, int addOrRemove) { LOG.info("programFixedRules : adding default rules."); if (action == Action.ADD || action == Action.REMOVE) { @@ -114,7 +130,6 @@ public class IngressAclServiceImpl extends AbstractAclServiceImpl { ingressAclIcmpv6AllowedTraffic(dpid, lportTag, addOrRemove); } programArpRule(dpid, lportTag, addOrRemove); - programIngressAclFixedConntrackRule(dpid, allowedAddresses, portId, action, addOrRemove); } @Override 
@@ -358,7 +373,8 @@ public class IngressAclServiceImpl extends AbstractAclServiceImpl { List instructions = getDispatcherTableResubmitInstructions(new ArrayList<>()); String flowName = "Ingress_ARP_" + dpId + "_" + lportTag; - syncFlow(dpId, NwConstants.EGRESS_ACL_TABLE, flowName, AclConstants.PROTO_MATCH_PRIORITY, "ACL", 0, 0, + syncFlow(dpId, NwConstants.EGRESS_ACL_TABLE, flowName, + AclConstants.PROTO_ARP_TRAFFIC_MATCH_PRIORITY, "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, matches, instructions, addOrRemove); } diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImpl.java index 3bda6f7ac0..495c2051ae 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImpl.java @@ -53,15 +53,9 @@ public class LearnEgressAclServiceImpl extends EgressAclServiceImpl { } @Override - protected void programFixedRules(BigInteger dpid, String dhcpMacAddress, + protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, List allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) { - LOG.info("programFixedRules : adding default rules."); - if (action == Action.ADD || action == Action.REMOVE) { - egressAclDhcpDropServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove); - egressAclDhcpv6DropServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove); - } - programArpRule(dpid, allowedAddresses, lportTag, addOrRemove); } @Override 
@@ -89,6 +83,9 @@ public class LearnEgressAclServiceImpl extends EgressAclServiceImpl { List actionsInfos = new ArrayList<>(); addLearnActions(flowMatches, actionsInfos); + actionsInfos.add(new ActionInfo(ActionType.nx_resubmit, + new String[] {Short.toString(NwConstants.LPORT_DISPATCHER_TABLE)})); + List instructions = new ArrayList<>(); instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos)); @@ -114,8 +111,6 @@ public class LearnEgressAclServiceImpl extends EgressAclServiceImpl { addTcpLearnActions(actionsInfos); } else if (isUdp) { addUdpLearnActions(actionsInfos); - } else if (actionsInfos.isEmpty()) { - addAllowAllLearnActions(actionsInfos); } else { addOtherProtocolsLearnActions(actionsInfos); } 
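Review bot: The resubmit added after `addLearnActions(...)` is built by hand with `new ActionInfo(ActionType.nx_resubmit, new String[] {Short.toString(NwConstants.LPORT_DISPATCHER_TABLE)})`, while the parent class builds its ARP flow instructions with `getDispatcherTableResubmitInstructions(...)`. If that helper appends the dispatcher resubmit to the action list it is given (its body is not in this diff, so please confirm), then `List instructions = getDispatcherTableResubmitInstructions(actionsInfos);` would replace the new lines and the two that follow. It would also keep the target table in one place, so the egress and ingress learn services cannot drift apart. The same applies to the matching hunk in LearnIngressAclServiceImpl.java, which hard-codes `NwConstants.EGRESS_LPORT_DISPATCHER_TABLE`. The enclosing method starts and ends outside the hunk.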
@@ -153,38 +148,6 @@ public class LearnEgressAclServiceImpl extends EgressAclServiceImpl { actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod)); } - private void addAllowAllLearnActions(List actionsInfos) { - String[][] flowMod = new String[5][]; - - flowMod[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(), - Integer.toString(NwConstants.ETHTYPE_IPV4), - NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() }; - flowMod[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(), - NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() }; - flowMod[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(), - NwConstants.NxmOfFieldType.NXM_OF_ETH_DST.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_ETH_SRC.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_ETH_SRC.getFlowModHeaderLen() }; - flowMod[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(), - NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() }; - flowMod[4] = new String[] { - NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE, - NwConstants.NxmOfFieldType.NXM_NX_REG0.getHexType(), "8" }; - - String[] header = new String[] { - AclConstants.getGlobalConf(AclConstants.SECURITY_GROUP_UDP_IDLE_TO_KEY, "60"), - AclConstants.getGlobalConf(AclConstants.SECURITY_GROUP_UDP_HARD_TO_KEY, "60"), - AclConstants.PROTO_MATCH_PRIORITY.toString(), - AclConstants.COOKIE_ACL_BASE.toString(), "0", - Short.toString(NwConstants.EGRESS_LEARN_TABLE), "0", "0" }; - actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod)); - } - private void addTcpLearnActions(List 
actionsInfos) { String[][] flowMod = new String[6][]; diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnIngressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnIngressAclServiceImpl.java index b456244ee9..6afcd12737 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnIngressAclServiceImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/LearnIngressAclServiceImpl.java @@ -44,15 +44,9 @@ public class LearnIngressAclServiceImpl extends IngressAclServiceImpl { } @Override - protected void programFixedRules(BigInteger dpid, String dhcpMacAddress, List allowedAddresses, - int lportTag, String portId, Action action, int addOrRemove) { - LOG.info("programFixedRules : adding default rules."); - - ingressAclDhcpAllowServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove, - AclConstants.PROTO_PREFIX_MATCH_PRIORITY); - ingressAclDhcpv6AllowServerTraffic(dpid, dhcpMacAddress, lportTag, addOrRemove, - AclConstants.PROTO_PREFIX_MATCH_PRIORITY); - programArpRule(dpid, lportTag, addOrRemove); + protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, + List allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) { + } @Override @@ -80,6 +74,9 @@ public class LearnIngressAclServiceImpl extends IngressAclServiceImpl { List actionsInfos = new ArrayList<>(); addLearnActions(flowMatches, actionsInfos); + actionsInfos.add(new ActionInfo(ActionType.nx_resubmit, + new String[] {Short.toString(NwConstants.EGRESS_LPORT_DISPATCHER_TABLE)})); + List instructions = new ArrayList<>(); instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos)); 
@@ -105,8 +102,6 @@ public class LearnIngressAclServiceImpl extends IngressAclServiceImpl {
 addTcpLearnActions(actionsInfos);
 } else if (isUdp) {
 addUdpLearnActions(actionsInfos);
- } else if (actionsInfos.isEmpty()) {
- addAllowAllLearnActions(actionsInfos);
 } else {
 addOtherProtocolsLearnActions(actionsInfos);
 }
@@ -144,38 +139,6 @@ public class LearnIngressAclServiceImpl extends IngressAclServiceImpl { actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod)); } - private void addAllowAllLearnActions(List actionsInfos) { - String[][] flowMod = new String[5][]; - - flowMod[0] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_VALUE.name(), - Integer.toString(NwConstants.ETHTYPE_IPV4), - NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_ETH_TYPE.getFlowModHeaderLen() }; - flowMod[1] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(), - NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_IP_DST.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_IP_SRC.getFlowModHeaderLen() }; - flowMod[2] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(), - NwConstants.NxmOfFieldType.NXM_OF_ETH_SRC.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_ETH_DST.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_ETH_SRC.getFlowModHeaderLen() }; - flowMod[3] = new String[] { NwConstants.LearnFlowModsType.MATCH_FROM_FIELD.name(), - NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getHexType(), - NwConstants.NxmOfFieldType.NXM_OF_IP_PROTO.getFlowModHeaderLen() }; - flowMod[4] = new String[] { - NwConstants.LearnFlowModsType.COPY_FROM_VALUE.name(), AclConstants.LEARN_MATCH_REG_VALUE, - NwConstants.NxmOfFieldType.NXM_NX_REG0.getHexType(), "8" }; - - String[] header = new String[] { - AclConstants.getGlobalConf(AclConstants.SECURITY_GROUP_UDP_IDLE_TO_KEY, "60"), - AclConstants.getGlobalConf(AclConstants.SECURITY_GROUP_UDP_HARD_TO_KEY, "60"), - AclConstants.PROTO_MATCH_PRIORITY.toString(), - AclConstants.COOKIE_ACL_BASE.toString(), "0", - Short.toString(NwConstants.INGRESS_LEARN_TABLE), "0", "0" }; - actionsInfos.add(new ActionInfo(ActionType.learn, header, flowMod)); - } - private void addTcpLearnActions(List 
actionsInfos) { String[][] flowMod = new String[6][]; diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatelessEgressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatelessEgressAclServiceImpl.java index 16bc0a9075..08b0c5c1f7 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatelessEgressAclServiceImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatelessEgressAclServiceImpl.java @@ -11,6 +11,7 @@ import java.math.BigInteger; import java.util.ArrayList; import java.util.List; import java.util.Map; + import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.genius.mdsalutil.ActionInfo; import org.opendaylight.genius.mdsalutil.InstructionInfo; @@ -51,8 +52,8 @@ public class StatelessEgressAclServiceImpl extends EgressAclServiceImpl { } @Override - protected void programFixedRules(BigInteger dpid, String dhcpMacAddress, List allowedAddresses, - int lportTag, String portId, Action action, int addOrRemove) { + protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, + List allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) { } @Override diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatelessIngressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatelessIngressAclServiceImpl.java index 4b20256ace..6369ca09d7 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatelessIngressAclServiceImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/StatelessIngressAclServiceImpl.java 
@@ -11,6 +11,7 @@ import java.math.BigInteger; import java.util.ArrayList; import java.util.List; import java.util.Map; + import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.genius.mdsalutil.ActionInfo; import org.opendaylight.genius.mdsalutil.InstructionInfo; @@ -50,8 +51,8 @@ public class StatelessIngressAclServiceImpl extends IngressAclServiceImpl { } @Override - protected void programFixedRules(BigInteger dpid, String dhcpMacAddress, List allowedAddresses, - int lportTag, String portId, Action action, int addOrRemove) { + protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, + List allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) { } @Override diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/TransparentEgressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/TransparentEgressAclServiceImpl.java index f03ff9af2a..9715bc0da3 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/TransparentEgressAclServiceImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/TransparentEgressAclServiceImpl.java @@ -9,6 +9,7 @@ package org.opendaylight.netvirt.aclservice; import java.math.BigInteger; import java.util.List; + import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager; import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action; @@ -20,7 +21,6 @@ import org.slf4j.LoggerFactory; /** * Provides the transparent implementation for egress (w.r.t VM) ACL service. * - *

*/ public class TransparentEgressAclServiceImpl extends EgressAclServiceImpl { @@ -32,8 +32,8 @@ public class TransparentEgressAclServiceImpl extends EgressAclServiceImpl { } @Override - protected void programFixedRules(BigInteger dpid, String dhcpMacAddress, List allowedAddresses, - int lportTag, String portId, Action action, int addOrRemove) { + protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, + List allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) { } @Override diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/TransparentIngressAclServiceImpl.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/TransparentIngressAclServiceImpl.java index 9bf0748832..dddd6aac4c 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/TransparentIngressAclServiceImpl.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/TransparentIngressAclServiceImpl.java @@ -9,6 +9,7 @@ package org.opendaylight.netvirt.aclservice; import java.math.BigInteger; import java.util.List; + import org.opendaylight.controller.md.sal.binding.api.DataBroker; import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager; import org.opendaylight.netvirt.aclservice.api.AclServiceManager.Action; @@ -33,8 +34,8 @@ public class TransparentIngressAclServiceImpl extends IngressAclServiceImpl { } @Override - protected void programFixedRules(BigInteger dpid, String dhcpMacAddress, List allowedAddresses, - int lportTag, String portId, Action action, int addOrRemove) { + protected void programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, + List allowedAddresses, int lportTag, String portId, Action action, int addOrRemove) { } @Override 
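Review bot: TransparentEgressAclServiceImpl and TransparentIngressAclServiceImpl override only `programSpecificFixedRules`, so they now appear to inherit `programGeneralFixedRules` from their Egress/Ingress parents. Before this patch their empty `programFixedRules` installed no fixed rules at all; the inherited method programs the DHCP, ICMPv6 and ARP rules. If transparent mode is meant to leave port traffic unfiltered, both classes need an empty `programGeneralFixedRules` override as well. If filtering in transparent mode is intended, the class Javadoc should say that anti-spoofing rules are still enforced, because operators choosing this mode will assume otherwise. The patch updates tests for the learn and stateless services only, so nothing here pins the transparent behaviour either way.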
diff --git a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclConstants.java b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclConstants.java index 77c783b64b..c95c7a6699 100644 --- a/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclConstants.java +++ b/vpnservice/aclservice/impl/src/main/java/org/opendaylight/netvirt/aclservice/utils/AclConstants.java @@ -26,6 +26,7 @@ public final class AclConstants { public static final Integer PROTO_IPV6_ALLOWED_PRIORITY = 63010; public static final Integer PROTO_DHCP_SERVER_MATCH_PRIORITY = 63010; public static final Integer PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY = 63010; + public static final Integer PROTO_ARP_TRAFFIC_MATCH_PRIORITY = 63010; public static final Integer PROTO_MATCH_PRIORITY = 61010; public static final Integer PREFIX_MATCH_PRIORITY = 61009; public static final Integer PROTO_PREFIX_MATCH_PRIORITY = 61008; diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImplTest.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImplTest.java index 1bdc60976d..ab1e81cb4e 100644 --- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImplTest.java +++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/LearnEgressAclServiceImplTest.java 
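Review bot: `PROTO_ARP_TRAFFIC_MATCH_PRIORITY` is the fourth constant in this block set to 63010, next to `PROTO_IPV6_ALLOWED_PRIORITY`, `PROTO_DHCP_SERVER_MATCH_PRIORITY` and `PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY`, and nothing explains why they are equal. OpenFlow leaves the winner undefined when two flows of equal priority match the same packet, so these allow and drop rules are only safe while their matches stay disjoint. I would add a comment above the group, e.g. `// Fixed anti-spoofing rules: all above PROTO_MATCH_PRIORITY so tenant ACEs cannot shadow them; matches must not overlap because they share one priority.`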
@@ -106,9 +106,9 @@ public class LearnEgressAclServiceImplTest { Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012"); AclInterface ai = stubTcpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 80); assertEquals(true, testedService.applyAcl(ai)); - assertEquals(4, installFlowValueSaver.getNumOfInvocations()); + assertEquals(8, installFlowValueSaver.getNumOfInvocations()); - FlowEntity flow = (FlowEntity) installFlowValueSaver.getInvocationParams(3).get(0); + FlowEntity flow = (FlowEntity) installFlowValueSaver.getInvocationParams(7).get(0); AclServiceTestUtils.verifyMatchInfo(flow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "80", "65535"); AclServiceTestUtils.verifyActionTypeExist(flow.getInstructionInfoList().get(0).getActionInfos(), @@ -121,9 +121,9 @@ public class LearnEgressAclServiceImplTest { Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012"); AclInterface ai = stubAllowAllInterface(sgUuid, "if_name"); assertEquals(true, testedService.applyAcl(ai)); - assertEquals(4, installFlowValueSaver.getNumOfInvocations()); + assertEquals(8, installFlowValueSaver.getNumOfInvocations()); - FlowEntity flow = (FlowEntity) installFlowValueSaver.getInvocationParams(3).get(0); + FlowEntity flow = (FlowEntity) installFlowValueSaver.getInvocationParams(7).get(0); AclServiceTestUtils.verifyActionTypeExist(flow.getInstructionInfoList().get(0).getActionInfos(), ActionType.learn); } 
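Review bot: The updated assertions locate the ACE flow by absolute position, `getInvocationParams(7)`, and check a bare total, `assertEquals(8, ...)`, so every later change to the number of fixed rules will break these tests for reasons unrelated to what they verify. The same pattern repeats in the remaining hunks of this file and in StatelessEgressAclServiceImplTest.java. Deriving the index from the count, e.g. `int aceIdx = installFlowValueSaver.getNumOfInvocations() - 1;`, or selecting the flow by its match fields, would keep the tests tied to the ACE under test. A named constant for the number of fixed flows, with a comment listing which rules it counts, would also make a dropped anti-spoofing rule visible in review.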
@@ -133,12 +133,12 @@ public class LearnEgressAclServiceImplTest { Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012"); AclInterface ai = stubTcpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 84); assertEquals(true, testedService.applyAcl(ai)); - assertEquals(5, installFlowValueSaver.getNumOfInvocations()); - FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(3).get(0); + assertEquals(9, installFlowValueSaver.getNumOfInvocations()); + FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(7).get(0); AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "80", "65532"); - FlowEntity secondRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(4).get(0); + FlowEntity secondRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(8).get(0); AclServiceTestUtils.verifyMatchInfo(secondRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "84", "65535"); } @@ -148,8 +148,8 @@ public class LearnEgressAclServiceImplTest { Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012"); AclInterface ai = stubUdpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 80); assertEquals(true, testedService.applyAcl(ai)); - assertEquals(4, installFlowValueSaver.getNumOfInvocations()); - FlowEntity flow = (FlowEntity) installFlowValueSaver.getInvocationParams(3).get(0); + assertEquals(8, installFlowValueSaver.getNumOfInvocations()); + FlowEntity flow = (FlowEntity) installFlowValueSaver.getInvocationParams(7).get(0); AclServiceTestUtils.verifyMatchInfo(flow.getMatchInfoList(), NxMatchFieldType.nx_udp_dst_with_mask, "80", "65535"); AclServiceTestUtils.verifyActionTypeExist(flow.getInstructionInfoList().get(0).getActionInfos(), 
@@ -162,8 +162,8 @@ public class LearnEgressAclServiceImplTest { Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012"); AclInterface ai = stubTcpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 80); assertEquals(true, testedService.removeAcl(ai)); - assertEquals(1, removeFlowValueSaver.getNumOfInvocations()); - FlowEntity firstRangeFlow = (FlowEntity) removeFlowValueSaver.getInvocationParams(0).get(0); + assertEquals(5, removeFlowValueSaver.getNumOfInvocations()); + FlowEntity firstRangeFlow = (FlowEntity) removeFlowValueSaver.getInvocationParams(4).get(0); AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2"); AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "80", "65535"); diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/StatelessEgressAclServiceImplTest.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/StatelessEgressAclServiceImplTest.java index 78eab005fa..d303f34803 100644 --- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/StatelessEgressAclServiceImplTest.java +++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/StatelessEgressAclServiceImplTest.java 
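Review bot: For the learn egress service, this test pins 5 `removeFlow` invocations in `removeAcl`, while the `applyAcl` tests above for the same TCP port-80 interface pin 8 installs. The stateless egress tests in this patch expect 8 on both paths. I cannot tell from the diff whether the difference comes from the learn implementation or from the test stubs. If it means three fixed flows are not deleted when the ACL is removed, stale allow or drop entries would remain on the switch for that port. Please either add a comment in the test explaining which flows are not expected to be removed and why, or assert on the flow names so the asymmetry is explicit.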
@@ -104,9 +104,9 @@ public class StatelessEgressAclServiceImplTest { Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012"); AclInterface ai = stubTcpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 80); assertEquals(true, testedService.applyAcl(ai)); - assertEquals(1, installFlowValueSaver.getNumOfInvocations()); + assertEquals(8, installFlowValueSaver.getNumOfInvocations()); - FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(0).get(0); + FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(7).get(0); AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "80", "65535"); AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2"); @@ -120,9 +120,9 @@ public class StatelessEgressAclServiceImplTest { Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012"); AclInterface ai = stubAllowAllInterface(sgUuid, "if_name"); assertEquals(true, testedService.applyAcl(ai)); - assertEquals(1, installFlowValueSaver.getNumOfInvocations()); + assertEquals(8, installFlowValueSaver.getNumOfInvocations()); - FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(0).get(0); + FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(7).get(0); AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2"); AclServiceTestUtils.verifyActionInfo(firstRangeFlow.getInstructionInfoList().get(0).getActionInfos(), ActionType.nx_resubmit, "" + NwConstants.LPORT_DISPATCHER_TABLE); 
@@ -133,13 +133,13 @@ public class StatelessEgressAclServiceImplTest {
 Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012");
 AclInterface ai = stubTcpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 84);
 assertEquals(true, testedService.applyAcl(ai));
- assertEquals(2, installFlowValueSaver.getNumOfInvocations());
- FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(0).get(0);
+ assertEquals(9, installFlowValueSaver.getNumOfInvocations());
+ FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(7).get(0);
 AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "80", "65532");
 AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2");
- FlowEntity secondRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(1).get(0);
+ FlowEntity secondRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(8).get(0);
 AclServiceTestUtils.verifyMatchInfo(secondRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "84", "65535");
 AclServiceTestUtils.verifyMatchInfo(secondRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2");
@@ -150,7 +150,7 @@ public class StatelessEgressAclServiceImplTest {
 Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012");
 AclInterface ai = stubUdpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 80);
 assertEquals(true, testedService.applyAcl(ai));
- assertEquals(0, installFlowValueSaver.getNumOfInvocations());
+ assertEquals(7, installFlowValueSaver.getNumOfInvocations());
 }
 @Test
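Review bot: The UDP case in the second hunk (`assertEquals(7, installFlowValueSaver.getNumOfInvocations());`) no longer says what it is guarding. The old expectation of 0 stated directly that a UDP ACE produces no flow in the stateless service. The new 7 only says that if the reader works out, from the TCP cases in this file (8 invocations with the ACE flow at index 7), that seven flows are installed regardless of the ACE. I would add a comment such as `// only the 7 fixed-rule flows; the UDP ACE itself must not install a flow`, and ideally loop over the captured flows to assert that none is derived from the UDP rule, so an unintended allow flow cannot hide behind an unchanged count. The UDP hunk of StatelessIngressAclServiceImplTest (`assertEquals(6, ...)`) has the same gap.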
@@ -158,8 +158,8 @@ public class StatelessEgressAclServiceImplTest {
 Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012");
 AclInterface ai = stubTcpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 80);
 assertEquals(true, testedService.removeAcl(ai));
- assertEquals(1, removeFlowValueSaver.getNumOfInvocations());
- FlowEntity firstRangeFlow = (FlowEntity) removeFlowValueSaver.getInvocationParams(0).get(0);
+ assertEquals(8, removeFlowValueSaver.getNumOfInvocations());
+ FlowEntity firstRangeFlow = (FlowEntity) removeFlowValueSaver.getInvocationParams(7).get(0);
 AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2");
 AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "80", "65535");
diff --git a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/StatelessIngressAclServiceImplTest.java b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/StatelessIngressAclServiceImplTest.java
index 4a080e3ee4..6860b5f21b 100644
--- a/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/StatelessIngressAclServiceImplTest.java
+++ b/vpnservice/aclservice/impl/src/test/java/org/opendaylight/netvirt/aclservice/StatelessIngressAclServiceImplTest.java
@@ -105,9 +105,9 @@ public class StatelessIngressAclServiceImplTest {
 Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012");
 AclInterface ai = stubTcpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 80);
 assertEquals(true, testedService.applyAcl(ai));
- assertEquals(1, installFlowValueSaver.getNumOfInvocations());
+ assertEquals(7, installFlowValueSaver.getNumOfInvocations());
- FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(0).get(0);
+ FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(6).get(0);
 AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "80", "65535");
 AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2");
@@ -120,9 +120,9 @@ public class StatelessIngressAclServiceImplTest {
 Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012");
 AclInterface ai = stubAllowAllInterface(sgUuid, "if_name");
 assertEquals(true, testedService.applyAcl(ai));
- assertEquals(1, installFlowValueSaver.getNumOfInvocations());
+ assertEquals(7, installFlowValueSaver.getNumOfInvocations());
- FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(0).get(0);
+ FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(6).get(0);
 AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2");
 AclServiceTestUtils.verifyActionInfo(firstRangeFlow.getInstructionInfoList().get(0).getActionInfos(), ActionType.nx_resubmit, "" + NwConstants.EGRESS_LPORT_DISPATCHER_TABLE);
@@ -133,15 +133,15 @@ public class StatelessIngressAclServiceImplTest {
 Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012");
 AclInterface ai = stubTcpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 84);
 assertEquals(true, testedService.applyAcl(ai));
- assertEquals(2, installFlowValueSaver.getNumOfInvocations());
- FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(0).get(0);
+ assertEquals(8, installFlowValueSaver.getNumOfInvocations());
+ FlowEntity firstRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(6).get(0);
 // should have been 80-83 will be fixed as part of the port range support
 // https://bugs.opendaylight.org/show_bug.cgi?id=6200
 AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "80", "65532");
 AclServiceTestUtils.verifyMatchInfo(firstRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2");
- FlowEntity secondRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(1).get(0);
+ FlowEntity secondRangeFlow = (FlowEntity) installFlowValueSaver.getInvocationParams(7).get(0);
 AclServiceTestUtils.verifyMatchInfo(secondRangeFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "84", "65535");
 AclServiceTestUtils.verifyMatchInfo(secondRangeFlow.getMatchInfoList(), MatchFieldType.tcp_flags, "2");
@@ -152,7 +152,7 @@ public class StatelessIngressAclServiceImplTest {
 Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012");
 AclInterface ai = stubUdpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 80);
 assertEquals(true, testedService.applyAcl(ai));
- assertEquals(0, installFlowValueSaver.getNumOfInvocations());
+ assertEquals(6, installFlowValueSaver.getNumOfInvocations());
 }
 @Test
@@ -160,8 +160,8 @@ public class StatelessIngressAclServiceImplTest {
 Uuid sgUuid = new Uuid("12345678-1234-1234-1234-123456789012");
 AclInterface ai = stubTcpAclInterface(sgUuid, "if_name", "1.1.1.1/32", 80, 80);
 assertEquals(true, testedService.removeAcl(ai));
- assertEquals(1, removeFlowValueSaver.getNumOfInvocations());
- FlowEntity firstSynFlow = (FlowEntity) removeFlowValueSaver.getInvocationParams(0).get(0);
+ assertEquals(7, removeFlowValueSaver.getNumOfInvocations());
+ FlowEntity firstSynFlow = (FlowEntity) removeFlowValueSaver.getInvocationParams(6).get(0);
 AclServiceTestUtils.verifyMatchInfo(firstSynFlow.getMatchInfoList(), NxMatchFieldType.nx_tcp_dst_with_mask, "80", "65535");
 AclServiceTestUtils.verifyMatchInfo(firstSynFlow.getMatchInfoList(), MatchFieldType.tcp_flags,
-- 2.36.6