diff options
author | Jan Srnicek <jsrnicek@cisco.com> | 2017-04-21 13:57:39 +0200 |
---|---|---|
committer | Marek Gradzki <mgradzki@cisco.com> | 2017-04-24 12:44:32 +0000 |
commit | 82bb8df87d276f98442439893baf7d55c3afdd8c (patch) | |
tree | 9afd723f5bf1a1aaaf21d58f8708854cd271376e /acl | |
parent | 470588683af86c9ab73538ced85e1d88f55e3b70 (diff) |
HC2VPP-129 - v4 vs v6 detections based on ip-protocol
Change-Id: Id10ec084bbb096df3c40aed6319ce406bb746a21
Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
Diffstat (limited to 'acl')
3 files changed, 42 insertions, 16 deletions
diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java index 5293b5b28..32d075243 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java @@ -80,7 +80,7 @@ public interface AceConverter extends MacIpAceDataExtractor, StandardAceDataExtr rule.isPermit = standardAction(ace); - if (standardIsIpv6(ace)) { + if (standardIsIpv6(standardAce, ace.getMatches())) { rule.isIpv6 = 1; rule.srcIpAddr = ipv6SourceAddress(standardAce); rule.srcIpPrefixLen = ipv6SourceAddressPrefix(standardAce); diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java index 49587ec7f..cf76567d5 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java @@ -23,6 +23,7 @@ import io.fd.vpp.jvpp.acl.types.AclRule; import java.util.Map; import java.util.Optional; import javax.annotation.Nonnull; +import javax.annotation.Nullable; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder; @@ -36,6 +37,7 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types. import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv4HeaderFields; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv6HeaderFields; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.AclIpProtocolHeaderFields; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.actions.packet.handling.Stateful; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.actions.packet.handling.StatefulBuilder; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; @@ -44,6 +46,7 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl. import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4Builder; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6Builder; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpV6; public interface StandardAceDataExtractor extends AddressExtractor, ProtoPreBindRuleProducer, IpProtocolReader { @@ -60,13 +63,24 @@ public interface StandardAceDataExtractor extends AddressExtractor, ProtoPreBind .orElseThrow(() -> new IllegalArgumentException(String.format("Unable to create VppAce from %s", ace))); } - default boolean standardIsIpv6(@Nonnull final Ace ace) { - return Optional.ofNullable(ace.getMatches()) + default boolean standardIsIpv6(@Nonnull final VppAce ace, @Nullable final Matches matches) { + final Optional<AceIpVersion> aceIpVersion = Optional.ofNullable(matches) .map(Matches::getAceType) .map(VppAce.class::cast) .map(VppAce::getVppAceNodes) - .map(VppAceNodes::getAceIpVersion) - .map(aceIpVersion -> aceIpVersion instanceof AceIpv6) + .map(VppAceNodes::getAceIpVersion); + + // tries to detect version by ace-ip-version + if(aceIpVersion.isPresent()){ + return aceIpVersion + .map(version -> version instanceof AceIpv6) + .orElse(false); + } + + // otherwise goes by ip-protocol + return Optional.ofNullable(ace.getVppAceNodes()) + .map(AclIpProtocolHeaderFields::getIpProtocol) + .map(ipProtocol -> ipProtocol instanceof IcmpV6) .orElse(false); } diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java index 35add44a2..4e0f1fd5a 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java @@ -41,6 +41,8 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl. import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4Builder; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6Builder; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpBuilder; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpV6Builder; public class StandardAceDataExtractorTest extends AceDataExtractorTestCase implements StandardAceDataExtractor, @@ -58,17 +60,27 @@ public class StandardAceDataExtractorTest extends AceDataExtractorTestCase imple } @Test - public void testStandardIsIpv6() { - assertFalse(standardIsIpv6(new AceBuilder().build())); - assertFalse(standardIsIpv6(new AceBuilder().setMatches(new MatchesBuilder().build()).build())); - assertFalse(standardIsIpv6( - new AceBuilder().setMatches(new MatchesBuilder().setAceType(new VppAceBuilder().build()).build()) - .build())); - assertFalse(standardIsIpv6(new AceBuilder().setMatches(new MatchesBuilder() - .setAceType(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()).build()) - .build())); - assertTrue(standardIsIpv6(new AceBuilder().setMatches(new MatchesBuilder().setAceType(new VppAceBuilder() - .setVppAceNodes(new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build()) + public void testStandardIsIpv6WithoutMatch() { + assertFalse(standardIsIpv6(new VppAceBuilder().build(), null)); + assertFalse(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build(), null)); + assertFalse(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder() + .setIpProtocol(new IcmpBuilder().build()).build()).build(), null)); + assertTrue(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder() + .setIpProtocol(new IcmpV6Builder().build()).build()).build(), null)); + } + + @Test + public void testStandardIsIpv6WithMatch() { + final VppAce ipv6Ace = new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder() + .setIpProtocol(new IcmpV6Builder().build()).build()).build(); + + assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().build())); + assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder().build()).build())); + assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder() + .setVppAceNodes(new VppAceNodesBuilder().build()) + .build()).build())); + assertFalse(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder() + .setVppAceNodes(new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()) .build()).build())); } |