org.opendaylight.netvirt.aclservice

Class AbstractIngressAclServiceImpl

java.lang.Object

org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl

org.opendaylight.netvirt.aclservice.AbstractIngressAclServiceImpl

All Implemented Interfaces:

AclServiceListener

Direct Known Subclasses:

StatefulIngressAclServiceImpl

public abstract class AbstractIngressAclServiceImpl
extends AbstractAclServiceImpl

Provides abstract implementation for ingress (w.r.t VM) ACL service.

Note: Table names used are w.r.t switch. Hence, switch ingress is VM egress and vice versa.

Field Summary

Fields inherited from class org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl

aclDataUtil, aclServiceUtils, dataBroker, mdsalManager, serviceMode

Constructor Summary

Constructors

Constructor and Description
AbstractIngressAclServiceImpl(org.opendaylight.controller.md.sal.binding.api.DataBroker dataBroker, org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager mdsalManager, AclDataUtil aclDataUtil, AclServiceUtils aclServiceUtils) Initialize the member variables.

Method Summary

Modifier and Type	Method and Description
void	bindService(AclInterface aclInterface) Bind service.
protected org.opendaylight.genius.mdsalutil.MatchInfoBase	buildLPortTagMatch(int lportTag)
protected short	getIngressAclFilterTable()
protected short	getIngressAclRemoteAclTable()
protected short	getStatefulIngressAclApplyOnExistingTrafficTable()
protected void	ingressAclDhcpAllowServerTraffic(BigInteger dpId, String dhcpMacAddress, int lportTag, int addOrRemove, int protoPortMatchPriority) Add rule to ensure only DHCP server traffic from the specified mac is allowed.
protected void	ingressAclDhcpv6AllowServerTraffic(BigInteger dpId, String dhcpMacAddress, int lportTag, int addOrRemove, Integer protoPortMatchPriority) Add rule to ensure only DHCPv6 server traffic from the specified mac is allowed.
protected void	programAceRule(AclInterface port, int addOrRemove, String aclName, org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace ace, List<AllowedAddressPairs> syncAllowedAddresses) Programs the ace custom rule.
protected boolean	programAclRules(AclInterface port, List<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid> aclUuidList, int addOrRemove) Programs the acl custom rules.
protected void	programArpRule(BigInteger dpId, int lportTag, int addOrRemove) Adds the rule to allow arp packets.
protected void	programBroadcastRules(AclInterface port, int addOrRemove) Programs broadcast rules.
protected void	programGeneralFixedRules(AclInterface port, String dhcpMacAddress, List<AllowedAddressPairs> allowedAddresses, AclServiceManager.Action action, int addOrRemove) Program the default anti-spoofing rules.
protected abstract void	programSpecificFixedRules(BigInteger dpid, String dhcpMacAddress, List<AllowedAddressPairs> allowedAddresses, int lportTag, String portId, AclServiceManager.Action action, int addOrRemove) Program conntrack rules.
protected abstract String	syncSpecificAclFlow(BigInteger dpId, int lportTag, int addOrRemove, org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace ace, String portId, Map<String,List<org.opendaylight.genius.mdsalutil.MatchInfoBase>> flowMap, String flowName)
protected void	unbindService(AclInterface aclInterface) Unbind service.
protected void	updateArpForAllowedAddressPairs(BigInteger dpId, int lportTag, List<AllowedAddressPairs> deletedAAP, List<AllowedAddressPairs> addedAAP) Update arp for allowed address pairs.
protected void	updateRemoteAclTableForPort(AclInterface port, org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid acl, int addOrRemove, AllowedAddressPairs ip, BigInteger aclId, BigInteger dpId)

Methods inherited from class org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl

applyAce, applyAcl, bindAcl, collectDpns, getAclFlowPriority, getDispatcherTableResubmitInstructions, getIpPrefixOrAddress, getOperAsString, rebindAcl, removeAce, removeAcl, syncFlow, unbindAcl, updateAcl

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractIngressAclServiceImpl

public AbstractIngressAclServiceImpl(org.opendaylight.controller.md.sal.binding.api.DataBroker dataBroker,
                                     org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager mdsalManager,
                                     AclDataUtil aclDataUtil,
                                     AclServiceUtils aclServiceUtils)

Initialize the member variables.

Parameters:

dataBroker - the data broker instance.

mdsalManager - the mdsal manager.

aclDataUtil - the acl data util.

aclServiceUtils - the acl service util.

Method Detail

bindService

public void bindService(AclInterface aclInterface)

Bind service.

Specified by:

bindService in class AbstractAclServiceImpl

Parameters:

aclInterface - the acl interface

unbindService

protected void unbindService(AclInterface aclInterface)

Unbind service.

Specified by:

unbindService in class AbstractAclServiceImpl

Parameters:

aclInterface - the acl interface

programSpecificFixedRules

protected abstract void programSpecificFixedRules(BigInteger dpid,
                                                  String dhcpMacAddress,
                                                  List<AllowedAddressPairs> allowedAddresses,
                                                  int lportTag,
                                                  String portId,
                                                  AclServiceManager.Action action,
                                                  int addOrRemove)

Program conntrack rules.

Specified by:

programSpecificFixedRules in class AbstractAclServiceImpl

Parameters:

dpid - the dpid

dhcpMacAddress - the dhcp mac address.

allowedAddresses - the allowed addresses

lportTag - the lport tag

addOrRemove - add or remove the flow

portId - the port id

action - add/modify/remove action

programGeneralFixedRules

protected void programGeneralFixedRules(AclInterface port,
                                        String dhcpMacAddress,
                                        List<AllowedAddressPairs> allowedAddresses,
                                        AclServiceManager.Action action,
                                        int addOrRemove)

Description copied from class: AbstractAclServiceImpl

Program the default anti-spoofing rules.

Specified by:

programGeneralFixedRules in class AbstractAclServiceImpl

Parameters:

port - the acl interface

dhcpMacAddress - the dhcp mac address.

allowedAddresses - the allowed addresses

action - add/modify/remove action

addOrRemove - addorRemove

updateArpForAllowedAddressPairs

protected void updateArpForAllowedAddressPairs(BigInteger dpId,
                                               int lportTag,
                                               List<AllowedAddressPairs> deletedAAP,
                                               List<AllowedAddressPairs> addedAAP)

Description copied from class: AbstractAclServiceImpl

Update arp for allowed address pairs.

Specified by:

updateArpForAllowedAddressPairs in class AbstractAclServiceImpl

Parameters:

dpId - the dp id

lportTag - the lport tag

deletedAAP - the deleted allowed address pairs

addedAAP - the added allowed address pairs

programAclRules

protected boolean programAclRules(AclInterface port,
                                  List<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid> aclUuidList,
                                  int addOrRemove)

Description copied from class: AbstractAclServiceImpl

Programs the acl custom rules.

Specified by:

programAclRules in class AbstractAclServiceImpl

Parameters:

port - acl interface

aclUuidList - the list of acl uuid to be applied

addOrRemove - whether to delete or add flow

Returns:

program succeeded

programAceRule

protected void programAceRule(AclInterface port,
                              int addOrRemove,
                              String aclName,
                              org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace ace,
                              List<AllowedAddressPairs> syncAllowedAddresses)

Description copied from class: AbstractAclServiceImpl

Programs the ace custom rule.

Specified by:

programAceRule in class AbstractAclServiceImpl

Parameters:

port - acl interface

addOrRemove - whether to delete or add flow

aclName - the acl name

ace - rule to be program

syncAllowedAddresses - the allowed addresses

updateRemoteAclTableForPort

protected void updateRemoteAclTableForPort(AclInterface port,
                                           org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid acl,
                                           int addOrRemove,
                                           AllowedAddressPairs ip,
                                           BigInteger aclId,
                                           BigInteger dpId)

Specified by:

updateRemoteAclTableForPort in class AbstractAclServiceImpl

getIngressAclFilterTable

protected short getIngressAclFilterTable()

getIngressAclRemoteAclTable

protected short getIngressAclRemoteAclTable()

getStatefulIngressAclApplyOnExistingTrafficTable

protected short getStatefulIngressAclApplyOnExistingTrafficTable()

syncSpecificAclFlow

protected abstract String syncSpecificAclFlow(BigInteger dpId,
                                              int lportTag,
                                              int addOrRemove,
                                              org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace ace,
                                              String portId,
                                              Map<String,List<org.opendaylight.genius.mdsalutil.MatchInfoBase>> flowMap,
                                              String flowName)

ingressAclDhcpAllowServerTraffic

protected void ingressAclDhcpAllowServerTraffic(BigInteger dpId,
                                                String dhcpMacAddress,
                                                int lportTag,
                                                int addOrRemove,
                                                int protoPortMatchPriority)

Add rule to ensure only DHCP server traffic from the specified mac is allowed.

Parameters:

dpId - the dpid

dhcpMacAddress - the DHCP server mac address

lportTag - the lport tag

addOrRemove - is write or delete

protoPortMatchPriority - the priority

ingressAclDhcpv6AllowServerTraffic

protected void ingressAclDhcpv6AllowServerTraffic(BigInteger dpId,
                                                  String dhcpMacAddress,
                                                  int lportTag,
                                                  int addOrRemove,
                                                  Integer protoPortMatchPriority)

Add rule to ensure only DHCPv6 server traffic from the specified mac is allowed.

Parameters:

dpId - the dpid

dhcpMacAddress - the DHCP server mac address

lportTag - the lport tag

addOrRemove - is write or delete

protoPortMatchPriority - the priority

programArpRule

protected void programArpRule(BigInteger dpId,
                              int lportTag,
                              int addOrRemove)

Adds the rule to allow arp packets.

Parameters:

dpId - the dpId

lportTag - the lport tag

addOrRemove - whether to add or remove the flow

programBroadcastRules

protected void programBroadcastRules(AclInterface port,
                                     int addOrRemove)

Programs broadcast rules.

Specified by:

programBroadcastRules in class AbstractAclServiceImpl

Parameters:

port - the Acl Interface port

addOrRemove - whether to delete or add flow

buildLPortTagMatch

protected org.opendaylight.genius.mdsalutil.MatchInfoBase buildLPortTagMatch(int lportTag)