diff options
author | Marek Gradzki <mgradzki@cisco.com> | 2016-10-11 12:35:51 +0200 |
---|---|---|
committer | Marek Gradzki <mgradzki@cisco.com> | 2016-10-11 10:51:37 +0000 |
commit | 7fa476774566cce370c5a5e97b410746bc3b4484 (patch) | |
tree | 4a4f5cd88e12f1853f590c4386399c0486cd1ce1 | |
parent | 11e154ab3e09464086cad06376a5da25430cf48b (diff) |
HONEYCOMB-258: fix protocol field translation in ACEs
It was translated to version field,
but should be to protocol/next header field.
Change-Id: I0cf23fdd43246bcc559f61d97701c9153e9b3607
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
4 files changed, 51 insertions, 34 deletions
diff --git a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java index 939954f40..2f8d030ae 100644 --- a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java +++ b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java @@ -45,9 +45,10 @@ final class AceIp4Writer extends AbstractAceWriter<AceIp> implements Ipv4Transla private static final int ETHER_TYPE_OFFSET = 12; // first 14 bytes represent L2 header (2x6) private static final int IP_VERSION_OFFSET = ETHER_TYPE_OFFSET+2; - private static final int IP_VERSION_MASK = 0xf0; private static final int DSCP_OFFSET = 15; private static final int DSCP_MASK = 0xfc; + private static final int IP_PROTOCOL_OFFSET = IP_VERSION_OFFSET+9; + private static final int IP_PROTOCOL_MASK = 0xff; private static final int IP4_LEN = 4; private static final int SRC_IP_OFFSET = IP_VERSION_OFFSET + 12; private static final int DST_IP_OFFSET = SRC_IP_OFFSET + IP4_LEN; @@ -100,16 +101,15 @@ final class AceIp4Writer extends AbstractAceWriter<AceIp> implements Ipv4Transla request.mask[baseOffset + ETHER_TYPE_OFFSET + 1] = (byte) 0xff; } - // First 14 bytes represent l2 header (2x6 + etherType(2)) - if (aceIp.getProtocol() != null) { // Internet Protocol number - request.mask[baseOffset + IP_VERSION_OFFSET] = (byte) IP_VERSION_MASK; // first 4 bits - } - if (aceIp.getDscp() != null) { aceIsEmpty = false; request.mask[baseOffset + DSCP_OFFSET] = (byte) DSCP_MASK; // first 6 bits } + if (aceIp.getProtocol() != null) { // Internet Protocol number + request.mask[baseOffset + IP_PROTOCOL_OFFSET] = (byte) IP_PROTOCOL_MASK; + } + if (aceIp.getSourcePortRange() != null) { LOG.warn("L4 Header fields are not supported. Ignoring {}", aceIp.getSourcePortRange()); } @@ -163,8 +163,7 @@ final class AceIp4Writer extends AbstractAceWriter<AceIp> implements Ipv4Transla } if (aceIp.getProtocol() != null) { - request.match[baseOffset + IP_VERSION_OFFSET] = - (byte) (IP_VERSION_MASK & (aceIp.getProtocol().intValue() << 4)); + request.match[baseOffset + IP_PROTOCOL_OFFSET] = (byte) (IP_PROTOCOL_MASK & aceIp.getProtocol()); } if (aceIp.getDscp() != null) { diff --git a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java index 911b5379f..f1cccba92 100644 --- a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java +++ b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java @@ -46,9 +46,10 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> { private static final int ETHER_TYPE_OFFSET = 12; // first 14 bytes represent L2 header (2x6) private static final int IP_VERSION_OFFSET = ETHER_TYPE_OFFSET+2; - private static final int IP_VERSION_MASK = 0xf0; private static final int DSCP_MASK1 = 0x0f; private static final int DSCP_MASK2 = 0xc0; + private static final int IP_PROTOCOL_OFFSET = IP_VERSION_OFFSET+6; + private static final int IP_PROTOCOL_MASK = 0xff; private static final int IP6_LEN = 16; private static final int SRC_IP_OFFSET = IP_VERSION_OFFSET + 8; private static final int DST_IP_OFFSET = SRC_IP_OFFSET + IP6_LEN; @@ -114,11 +115,6 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> { request.mask[baseOffset + ETHER_TYPE_OFFSET + 1] = (byte) 0xff; } - if (aceIp.getProtocol() != null) { - aceIsEmpty = false; - request.mask[baseOffset + IP_VERSION_OFFSET] |= IP_VERSION_MASK; - } - if (aceIp.getDscp() != null) { aceIsEmpty = false; // DCSP (bits 4-9 of IP6 header) @@ -126,6 +122,11 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> { request.mask[baseOffset + IP_VERSION_OFFSET + 1] |= DSCP_MASK2; } + if (aceIp.getProtocol() != null) { + aceIsEmpty = false; + request.mask[baseOffset + IP_PROTOCOL_OFFSET] = (byte) IP_PROTOCOL_MASK; + } + if (aceIp.getSourcePortRange() != null) { LOG.warn("L4 Header fields are not supported. Ignoring {}", aceIp.getSourcePortRange()); } @@ -184,12 +185,6 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> { request.match[baseOffset + ETHER_TYPE_OFFSET + 1] = (byte) 0xdd; } - if (aceIp.getProtocol() != null) { - noMatch = false; - request.match[baseOffset + IP_VERSION_OFFSET] |= - (byte) (IP_VERSION_MASK & (aceIp.getProtocol().intValue() << 4)); - } - if (aceIp.getDscp() != null) { noMatch = false; final int dscp = aceIp.getDscp().getValue(); @@ -198,6 +193,11 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> { request.match[baseOffset + IP_VERSION_OFFSET + 1] |= (byte) (DSCP_MASK2 & (dscp << 6)); } + if (aceIp.getProtocol() != null) { + noMatch = false; + request.match[baseOffset + IP_PROTOCOL_OFFSET] = (byte) (IP_PROTOCOL_MASK & aceIp.getProtocol()); + } + if (aceIp.getSourcePortRange() != null) { LOG.warn("L4 Header fields are not supported. Ignoring {}", aceIp.getSourcePortRange()); } diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java index 69fcf8d8c..1a7045529 100644 --- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java +++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java @@ -50,7 +50,7 @@ public class AceIp4WriterTest { writer = new AceIp4Writer(jvpp); action = new DenyBuilder().setDeny(true).build(); aceIp = new AceIpBuilder() - .setProtocol((short) 4) + .setProtocol((short) 132) .setDscp(new Dscp((short) 11)) .setAceIpVersion(new AceIpv4Builder() .setSourceIpv4Network(new Ipv4Prefix("1.2.3.4/32")) @@ -70,9 +70,17 @@ public class AceIp4WriterTest { assertEquals(AceIp4Writer.TABLE_MEM_SIZE, request.memorySize); byte[] expectedMask = new byte[] { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0xf0, (byte) 0xfc, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, -1, -1, -1, -1, - -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + // L2: + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + // dscp: + (byte) 0x00, (byte) 0xfc, + // protocol: + 0, 0, 0, 0, 0, 0, 0, (byte) 0xff, 0, 0, + // source address: + -1, -1, -1, -1, + // destination address: + -1, -1, -1, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; if (isL2) { @@ -90,9 +98,17 @@ public class AceIp4WriterTest { assertEquals(0, request.hitNextIndex); byte[] expectedMatch = new byte[] { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0x40, (byte) 0x2c, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 1, 2, - 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + // L2: + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + // dscp: + 0, (byte) 0x2c, + // protocol (132): + 0, 0, 0, 0, 0, 0, 0, (byte) 132, 0, 0, + // source address: + 1, 2, 3, 4, + // destination address: + 1, 2, 4, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; if (isL2) { diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java index dbb3bd5fe..01eaa454d 100644 --- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java +++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java @@ -51,7 +51,7 @@ public class AceIp6WriterTest { writer = new AceIp6Writer(jvpp); action = new DenyBuilder().setDeny(true).build(); aceIp = new AceIpBuilder() - .setProtocol((short) 6) + .setProtocol((short) 132) .setDscp(new Dscp((short) 11)) .setAceIpVersion(new AceIpv6Builder() .setFlowLabel(new Ipv6FlowLabel(123L)) @@ -75,9 +75,10 @@ public class AceIp6WriterTest { byte[] expectedMask = new byte[] { // L2: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - // version, dscp, flow: - (byte) 0xff, (byte) 0xcf, (byte) 0xff, (byte) 0xff, - 0, 0, 0, 0, + // dscp, flow: + (byte) 0x0f, (byte) 0xcf, (byte) 0xff, (byte) 0xff, + // protocol: + 0, 0, (byte) 0xff, 0, // source address: (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, @@ -104,9 +105,10 @@ public class AceIp6WriterTest { byte[] expectedMatch = new byte[] { // L2: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - // version(6), dscp(11), flow(123): - (byte) 0x62, (byte) 0xc0, (byte) 0x00, (byte) 0x7b, - 0, 0, 0, 0, + // dscp(11), flow(123): + (byte) 0x02, (byte) 0xc0, (byte) 0x00, (byte) 0x7b, + // protocol (132): + 0, 0, (byte) 132, 0, // source address: (byte) 0x20, (byte) 0x01, (byte) 0x0d, (byte) 0xb8, (byte) 0x85, (byte) 0xa3, (byte) 0x08, (byte) 0xd3, (byte) 0x13, (byte) 0x19, (byte) 0x8a, (byte) 0x2e, (byte) 0x03, (byte) 0x70, (byte) 0x73, (byte) 0x48, |