summaryrefslogtreecommitdiffstats
path: root/acl
diff options
context:
space:
mode:
authorJan Srnicek <jsrnicek@cisco.com>2017-04-21 13:57:39 +0200
committerMarek Gradzki <mgradzki@cisco.com>2017-04-24 12:44:32 +0000
commit82bb8df87d276f98442439893baf7d55c3afdd8c (patch)
tree9afd723f5bf1a1aaaf21d58f8708854cd271376e /acl
parent470588683af86c9ab73538ced85e1d88f55e3b70 (diff)
HC2VPP-129 - v4 vs v6 detections based on ip-protocol
Change-Id: Id10ec084bbb096df3c40aed6319ce406bb746a21 Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
Diffstat (limited to 'acl')
-rw-r--r--acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java2
-rw-r--r--acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java22
-rw-r--r--acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java34
3 files changed, 42 insertions, 16 deletions
diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java
index 5293b5b28..32d075243 100644
--- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java
+++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java
@@ -80,7 +80,7 @@ public interface AceConverter extends MacIpAceDataExtractor, StandardAceDataExtr
rule.isPermit = standardAction(ace);
- if (standardIsIpv6(ace)) {
+ if (standardIsIpv6(standardAce, ace.getMatches())) {
rule.isIpv6 = 1;
rule.srcIpAddr = ipv6SourceAddress(standardAce);
rule.srcIpPrefixLen = ipv6SourceAddressPrefix(standardAce);
diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java
index 49587ec7f..cf76567d5 100644
--- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java
+++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java
@@ -23,6 +23,7 @@ import io.fd.vpp.jvpp.acl.types.AclRule;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder;
@@ -36,6 +37,7 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv4HeaderFields;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv6HeaderFields;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.AclIpProtocolHeaderFields;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.actions.packet.handling.Stateful;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.actions.packet.handling.StatefulBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
@@ -44,6 +46,7 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4Builder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6Builder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpV6;
public interface StandardAceDataExtractor extends AddressExtractor, ProtoPreBindRuleProducer, IpProtocolReader {
@@ -60,13 +63,24 @@ public interface StandardAceDataExtractor extends AddressExtractor, ProtoPreBind
.orElseThrow(() -> new IllegalArgumentException(String.format("Unable to create VppAce from %s", ace)));
}
- default boolean standardIsIpv6(@Nonnull final Ace ace) {
- return Optional.ofNullable(ace.getMatches())
+ default boolean standardIsIpv6(@Nonnull final VppAce ace, @Nullable final Matches matches) {
+ final Optional<AceIpVersion> aceIpVersion = Optional.ofNullable(matches)
.map(Matches::getAceType)
.map(VppAce.class::cast)
.map(VppAce::getVppAceNodes)
- .map(VppAceNodes::getAceIpVersion)
- .map(aceIpVersion -> aceIpVersion instanceof AceIpv6)
+ .map(VppAceNodes::getAceIpVersion);
+
+ // tries to detect version by ace-ip-version
+ if(aceIpVersion.isPresent()){
+ return aceIpVersion
+ .map(version -> version instanceof AceIpv6)
+ .orElse(false);
+ }
+
+ // otherwise goes by ip-protocol
+ return Optional.ofNullable(ace.getVppAceNodes())
+ .map(AclIpProtocolHeaderFields::getIpProtocol)
+ .map(ipProtocol -> ipProtocol instanceof IcmpV6)
.orElse(false);
}
diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java
index 35add44a2..4e0f1fd5a 100644
--- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java
+++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java
@@ -41,6 +41,8 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4Builder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6Builder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpV6Builder;
public class StandardAceDataExtractorTest extends AceDataExtractorTestCase implements StandardAceDataExtractor,
@@ -58,17 +60,27 @@ public class StandardAceDataExtractorTest extends AceDataExtractorTestCase imple
}
@Test
- public void testStandardIsIpv6() {
- assertFalse(standardIsIpv6(new AceBuilder().build()));
- assertFalse(standardIsIpv6(new AceBuilder().setMatches(new MatchesBuilder().build()).build()));
- assertFalse(standardIsIpv6(
- new AceBuilder().setMatches(new MatchesBuilder().setAceType(new VppAceBuilder().build()).build())
- .build()));
- assertFalse(standardIsIpv6(new AceBuilder().setMatches(new MatchesBuilder()
- .setAceType(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()).build())
- .build()));
- assertTrue(standardIsIpv6(new AceBuilder().setMatches(new MatchesBuilder().setAceType(new VppAceBuilder()
- .setVppAceNodes(new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build())
+ public void testStandardIsIpv6WithoutMatch() {
+ assertFalse(standardIsIpv6(new VppAceBuilder().build(), null));
+ assertFalse(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build(), null));
+ assertFalse(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder()
+ .setIpProtocol(new IcmpBuilder().build()).build()).build(), null));
+ assertTrue(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder()
+ .setIpProtocol(new IcmpV6Builder().build()).build()).build(), null));
+ }
+
+ @Test
+ public void testStandardIsIpv6WithMatch() {
+ final VppAce ipv6Ace = new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder()
+ .setIpProtocol(new IcmpV6Builder().build()).build()).build();
+
+ assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().build()));
+ assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder().build()).build()));
+ assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder()
+ .setVppAceNodes(new VppAceNodesBuilder().build())
+ .build()).build()));
+ assertFalse(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder()
+ .setVppAceNodes(new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build())
.build()).build()));
}