diff options
author | Jan Srnicek <jsrnicek@cisco.com> | 2016-12-16 13:07:56 +0100 |
---|---|---|
committer | Marek Gradzki <mgradzki@cisco.com> | 2016-12-20 13:59:56 +0100 |
commit | f8273e10b19ecc82bdda81feef9982ce28d5de21 (patch) | |
tree | 98d2d9686bcf24f64c0c18c633554e8629f2e22e /acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java | |
parent | e3b9212110528217c2477f588ebccc0d76ee31e1 (diff) |
HONEYCOMB-310: translation layer for acl plugin
Not covered by this patch (moved to subsequent commits):
- postman collection
- distinguish ingress/egress ACLs while reading assigned acls
- proper support for acl tag
- unit tests improvements
- read for acls (not necessarily assigned)
- initializers
Change-Id: I5a198ce1a6e20d0b1d95b4d2d83d0464fb86580c
Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Diffstat (limited to 'acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java')
-rw-r--r-- | acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java | 203 |
1 files changed, 203 insertions, 0 deletions
diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java new file mode 100644 index 000000000..c1f9a40ff --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java @@ -0,0 +1,203 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.util.protocol; + +import static com.google.common.base.Preconditions.checkArgument; +import static io.fd.hc2vpp.acl.util.protocol.ProtoPreBindRuleProducer.ProtocolPair.pair; + +import com.google.common.collect.ImmutableSet; +import io.fd.vpp.jvpp.acl.types.AclRule; +import java.util.Optional; +import java.util.Set; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.ValueRange; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.IpProtocol; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Icmp; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpV6; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Other; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Tcp; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.Udp; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.icmp.IcmpNodes; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.icmp.v6.IcmpV6Nodes; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.tcp.TcpNodes; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.udp.UdpNodes; + +/** + * Creates ACL rules pre-bind with protocol-related fields.<br> + * Support TCP, UDP, ICMP and ICMPv6 protocol numbers according to + * <a href="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml"> this document </a> + */ +public interface ProtoPreBindRuleProducer { + + int ICMP_INDEX = 1; + int TCP_INDEX = 6; + int UDP_INDEX = 17; + int ICMPV6_INDEX = 58; + + Set<ProtocolPair> PROTOCOL_PAIRS = ImmutableSet.of(pair(Icmp.class, ICMP_INDEX), pair(Tcp.class, TCP_INDEX), + pair(Udp.class, UDP_INDEX), pair(IcmpV6.class, ICMPV6_INDEX)); + + class ProtocolPair { + private final Class<? extends IpProtocol> protocolClass; + private final int index; + + private ProtocolPair(final Class<? extends IpProtocol> protocolClass, final int index) { + this.protocolClass = protocolClass; + this.index = index; + } + + static ProtocolPair pair(@Nonnull final Class<? extends IpProtocol> protocolClass, @Nonnull final int index) { + return new ProtocolPair(protocolClass, index); + } + + boolean match(@Nonnull final Class<? extends IpProtocol> protocolClass) { + return this.protocolClass.isAssignableFrom(protocolClass); + } + + int getIndex() { + return this.index; + } + } + + static byte protocol(final IpProtocol ipProtocol) { + final Optional<ProtocolPair> optPair = PROTOCOL_PAIRS.stream() + .filter(protocolPair -> protocolPair.match(ipProtocol.getClass())) + .findAny(); + + if (!optPair.isPresent()) { + if (Other.class.isAssignableFrom(ipProtocol.getClass())) { + return Other.class.cast(ipProtocol).getOtherNodes().getProtocol().byteValue(); + } + + throw new IllegalArgumentException(String.format("Unsupported Protocol Type %s", ipProtocol.getClass())); + } + return (byte) optPair.get().getIndex(); + } + + static AclRule bindIcmpNodes(AclRule rule, VppAce ace) { + final VppAceNodes vppAceNodes = ace.getVppAceNodes(); + checkArgument(vppAceNodes.getIpProtocol() instanceof Icmp); + final IcmpNodes icmp = Icmp.class.cast(vppAceNodes.getIpProtocol()).getIcmpNodes(); + final ValueRange typesRange = icmp.getIcmpTypeRange(); + final ValueRange codesRange = icmp.getIcmpCodeRange(); + + rule.srcportOrIcmptypeFirst = typesRange.getFirst(); + rule.srcportOrIcmptypeLast = typesRange.getLast(); + rule.dstportOrIcmpcodeFirst = codesRange.getFirst(); + rule.dstportOrIcmpcodeLast = codesRange.getLast(); + + return rule; + } + + static AclRule bindIcmpv6Nodes(AclRule rule, VppAce ace) { + final VppAceNodes vppAceNodes = ace.getVppAceNodes(); + checkArgument(vppAceNodes.getIpProtocol() instanceof IcmpV6); + final IcmpV6Nodes icmpV6 = IcmpV6.class.cast(vppAceNodes.getIpProtocol()).getIcmpV6Nodes(); + final ValueRange typesRange = icmpV6.getIcmpTypeRange(); + final ValueRange codesRange = icmpV6.getIcmpCodeRange(); + + rule.srcportOrIcmptypeFirst = typesRange.getFirst(); + rule.srcportOrIcmptypeLast = typesRange.getLast(); + rule.dstportOrIcmpcodeFirst = codesRange.getFirst(); + rule.dstportOrIcmpcodeLast = codesRange.getLast(); + + return rule; + } + + + static AclRule bindTcpNodes(AclRule rule, VppAce ace) { + final VppAceNodes vppAceNodes = ace.getVppAceNodes(); + checkArgument(vppAceNodes.getIpProtocol() instanceof Tcp); + + final TcpNodes tcp = Tcp.class.cast(vppAceNodes.getIpProtocol()).getTcpNodes(); + final SourcePortRange sourcePortRange = tcp.getSourcePortRange(); + final DestinationPortRange destinationPortRange = tcp.getDestinationPortRange(); + + rule.srcportOrIcmptypeFirst = portNumber(sourcePortRange.getLowerPort()); + rule.srcportOrIcmptypeLast = portNumber(sourcePortRange.getUpperPort()); + rule.dstportOrIcmpcodeFirst = portNumber(destinationPortRange.getLowerPort()); + rule.dstportOrIcmpcodeLast = portNumber(destinationPortRange.getUpperPort()); + rule.tcpFlagsMask = tcp.getTcpFlagsMask().byteValue(); + rule.tcpFlagsValue = tcp.getTcpFlagsValue().byteValue(); + + return rule; + } + + static AclRule bindUdpNodes(AclRule rule, VppAce ace) { + final VppAceNodes vppAceNodes = ace.getVppAceNodes(); + checkArgument(vppAceNodes.getIpProtocol() instanceof Udp); + + final UdpNodes udp = Udp.class.cast(vppAceNodes.getIpProtocol()).getUdpNodes(); + final SourcePortRange sourcePortRange = udp.getSourcePortRange(); + final DestinationPortRange destinationPortRange = udp.getDestinationPortRange(); + + rule.srcportOrIcmptypeFirst = portNumber(sourcePortRange.getLowerPort()); + rule.srcportOrIcmptypeLast = portNumber(sourcePortRange.getUpperPort()); + rule.dstportOrIcmpcodeFirst = portNumber(destinationPortRange.getLowerPort()); + rule.dstportOrIcmpcodeLast = portNumber(destinationPortRange.getUpperPort()); + + return rule; + } + + static AclRule bindDefaultNodes(AclRule rule) { + rule.srcportOrIcmptypeFirst = 0; + rule.srcportOrIcmptypeLast = (short) 65535; + rule.dstportOrIcmpcodeFirst = 0; + rule.dstportOrIcmpcodeLast = (short) 65535; + rule.tcpFlagsValue = 0; + rule.tcpFlagsMask = 0; + return rule; + } + + static short portNumber(final PortNumber portNumber) { + return portNumber.getValue().shortValue(); + } + + default AclRule createPreBindRule(@Nonnull final VppAce vppAce) { + AclRule rule = new AclRule(); + + rule.proto = protocol(vppAce.getVppAceNodes().getIpProtocol()); + + switch (rule.proto) { + case ICMP_INDEX: { + return bindIcmpNodes(rule, vppAce); + } + + case TCP_INDEX: { + return bindTcpNodes(rule, vppAce); + } + + case UDP_INDEX: { + return bindUdpNodes(rule, vppAce); + } + + case ICMPV6_INDEX: { + return bindIcmpv6Nodes(rule, vppAce); + } + default: { + return bindDefaultNodes(rule); + } + } + + } + +} |