summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarek Gradzki <mgradzki@cisco.com>2016-10-11 12:35:51 +0200
committerMarek Gradzki <mgradzki@cisco.com>2016-10-11 10:51:37 +0000
commit7fa476774566cce370c5a5e97b410746bc3b4484 (patch)
tree4a4f5cd88e12f1853f590c4386399c0486cd1ce1
parent11e154ab3e09464086cad06376a5da25430cf48b (diff)
HONEYCOMB-258: fix protocol field translation in ACEs
It was translated to version field, but should be to protocol/next header field. Change-Id: I0cf23fdd43246bcc559f61d97701c9153e9b3607 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
-rw-r--r--v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java15
-rw-r--r--v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java24
-rw-r--r--v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java30
-rw-r--r--v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java16
4 files changed, 51 insertions, 34 deletions
diff --git a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java
index 939954f40..2f8d030ae 100644
--- a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java
+++ b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java
@@ -45,9 +45,10 @@ final class AceIp4Writer extends AbstractAceWriter<AceIp> implements Ipv4Transla
private static final int ETHER_TYPE_OFFSET = 12; // first 14 bytes represent L2 header (2x6)
private static final int IP_VERSION_OFFSET = ETHER_TYPE_OFFSET+2;
- private static final int IP_VERSION_MASK = 0xf0;
private static final int DSCP_OFFSET = 15;
private static final int DSCP_MASK = 0xfc;
+ private static final int IP_PROTOCOL_OFFSET = IP_VERSION_OFFSET+9;
+ private static final int IP_PROTOCOL_MASK = 0xff;
private static final int IP4_LEN = 4;
private static final int SRC_IP_OFFSET = IP_VERSION_OFFSET + 12;
private static final int DST_IP_OFFSET = SRC_IP_OFFSET + IP4_LEN;
@@ -100,16 +101,15 @@ final class AceIp4Writer extends AbstractAceWriter<AceIp> implements Ipv4Transla
request.mask[baseOffset + ETHER_TYPE_OFFSET + 1] = (byte) 0xff;
}
- // First 14 bytes represent l2 header (2x6 + etherType(2))
- if (aceIp.getProtocol() != null) { // Internet Protocol number
- request.mask[baseOffset + IP_VERSION_OFFSET] = (byte) IP_VERSION_MASK; // first 4 bits
- }
-
if (aceIp.getDscp() != null) {
aceIsEmpty = false;
request.mask[baseOffset + DSCP_OFFSET] = (byte) DSCP_MASK; // first 6 bits
}
+ if (aceIp.getProtocol() != null) { // Internet Protocol number
+ request.mask[baseOffset + IP_PROTOCOL_OFFSET] = (byte) IP_PROTOCOL_MASK;
+ }
+
if (aceIp.getSourcePortRange() != null) {
LOG.warn("L4 Header fields are not supported. Ignoring {}", aceIp.getSourcePortRange());
}
@@ -163,8 +163,7 @@ final class AceIp4Writer extends AbstractAceWriter<AceIp> implements Ipv4Transla
}
if (aceIp.getProtocol() != null) {
- request.match[baseOffset + IP_VERSION_OFFSET] =
- (byte) (IP_VERSION_MASK & (aceIp.getProtocol().intValue() << 4));
+ request.match[baseOffset + IP_PROTOCOL_OFFSET] = (byte) (IP_PROTOCOL_MASK & aceIp.getProtocol());
}
if (aceIp.getDscp() != null) {
diff --git a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java
index 911b5379f..f1cccba92 100644
--- a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java
+++ b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java
@@ -46,9 +46,10 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> {
private static final int ETHER_TYPE_OFFSET = 12; // first 14 bytes represent L2 header (2x6)
private static final int IP_VERSION_OFFSET = ETHER_TYPE_OFFSET+2;
- private static final int IP_VERSION_MASK = 0xf0;
private static final int DSCP_MASK1 = 0x0f;
private static final int DSCP_MASK2 = 0xc0;
+ private static final int IP_PROTOCOL_OFFSET = IP_VERSION_OFFSET+6;
+ private static final int IP_PROTOCOL_MASK = 0xff;
private static final int IP6_LEN = 16;
private static final int SRC_IP_OFFSET = IP_VERSION_OFFSET + 8;
private static final int DST_IP_OFFSET = SRC_IP_OFFSET + IP6_LEN;
@@ -114,11 +115,6 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> {
request.mask[baseOffset + ETHER_TYPE_OFFSET + 1] = (byte) 0xff;
}
- if (aceIp.getProtocol() != null) {
- aceIsEmpty = false;
- request.mask[baseOffset + IP_VERSION_OFFSET] |= IP_VERSION_MASK;
- }
-
if (aceIp.getDscp() != null) {
aceIsEmpty = false;
// DCSP (bits 4-9 of IP6 header)
@@ -126,6 +122,11 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> {
request.mask[baseOffset + IP_VERSION_OFFSET + 1] |= DSCP_MASK2;
}
+ if (aceIp.getProtocol() != null) {
+ aceIsEmpty = false;
+ request.mask[baseOffset + IP_PROTOCOL_OFFSET] = (byte) IP_PROTOCOL_MASK;
+ }
+
if (aceIp.getSourcePortRange() != null) {
LOG.warn("L4 Header fields are not supported. Ignoring {}", aceIp.getSourcePortRange());
}
@@ -184,12 +185,6 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> {
request.match[baseOffset + ETHER_TYPE_OFFSET + 1] = (byte) 0xdd;
}
- if (aceIp.getProtocol() != null) {
- noMatch = false;
- request.match[baseOffset + IP_VERSION_OFFSET] |=
- (byte) (IP_VERSION_MASK & (aceIp.getProtocol().intValue() << 4));
- }
-
if (aceIp.getDscp() != null) {
noMatch = false;
final int dscp = aceIp.getDscp().getValue();
@@ -198,6 +193,11 @@ final class AceIp6Writer extends AbstractAceWriter<AceIp> {
request.match[baseOffset + IP_VERSION_OFFSET + 1] |= (byte) (DSCP_MASK2 & (dscp << 6));
}
+ if (aceIp.getProtocol() != null) {
+ noMatch = false;
+ request.match[baseOffset + IP_PROTOCOL_OFFSET] = (byte) (IP_PROTOCOL_MASK & aceIp.getProtocol());
+ }
+
if (aceIp.getSourcePortRange() != null) {
LOG.warn("L4 Header fields are not supported. Ignoring {}", aceIp.getSourcePortRange());
}
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java
index 69fcf8d8c..1a7045529 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java
@@ -50,7 +50,7 @@ public class AceIp4WriterTest {
writer = new AceIp4Writer(jvpp);
action = new DenyBuilder().setDeny(true).build();
aceIp = new AceIpBuilder()
- .setProtocol((short) 4)
+ .setProtocol((short) 132)
.setDscp(new Dscp((short) 11))
.setAceIpVersion(new AceIpv4Builder()
.setSourceIpv4Network(new Ipv4Prefix("1.2.3.4/32"))
@@ -70,9 +70,17 @@ public class AceIp4WriterTest {
assertEquals(AceIp4Writer.TABLE_MEM_SIZE, request.memorySize);
byte[] expectedMask = new byte[] {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0xf0, (byte) 0xfc,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, -1, -1, -1, -1,
- -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ // L2:
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ // dscp:
+ (byte) 0x00, (byte) 0xfc,
+ // protocol:
+ 0, 0, 0, 0, 0, 0, 0, (byte) 0xff, 0, 0,
+ // source address:
+ -1, -1, -1, -1,
+ // destination address:
+ -1, -1, -1, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (isL2) {
@@ -90,9 +98,17 @@ public class AceIp4WriterTest {
assertEquals(0, request.hitNextIndex);
byte[] expectedMatch = new byte[] {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0x40, (byte) 0x2c,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 1, 2,
- 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ // L2:
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ // dscp:
+ 0, (byte) 0x2c,
+ // protocol (132):
+ 0, 0, 0, 0, 0, 0, 0, (byte) 132, 0, 0,
+ // source address:
+ 1, 2, 3, 4,
+ // destination address:
+ 1, 2, 4, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (isL2) {
diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java
index dbb3bd5fe..01eaa454d 100644
--- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java
+++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java
@@ -51,7 +51,7 @@ public class AceIp6WriterTest {
writer = new AceIp6Writer(jvpp);
action = new DenyBuilder().setDeny(true).build();
aceIp = new AceIpBuilder()
- .setProtocol((short) 6)
+ .setProtocol((short) 132)
.setDscp(new Dscp((short) 11))
.setAceIpVersion(new AceIpv6Builder()
.setFlowLabel(new Ipv6FlowLabel(123L))
@@ -75,9 +75,10 @@ public class AceIp6WriterTest {
byte[] expectedMask = new byte[] {
// L2:
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- // version, dscp, flow:
- (byte) 0xff, (byte) 0xcf, (byte) 0xff, (byte) 0xff,
- 0, 0, 0, 0,
+ // dscp, flow:
+ (byte) 0x0f, (byte) 0xcf, (byte) 0xff, (byte) 0xff,
+ // protocol:
+ 0, 0, (byte) 0xff, 0,
// source address:
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
@@ -104,9 +105,10 @@ public class AceIp6WriterTest {
byte[] expectedMatch = new byte[] {
// L2:
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- // version(6), dscp(11), flow(123):
- (byte) 0x62, (byte) 0xc0, (byte) 0x00, (byte) 0x7b,
- 0, 0, 0, 0,
+ // dscp(11), flow(123):
+ (byte) 0x02, (byte) 0xc0, (byte) 0x00, (byte) 0x7b,
+ // protocol (132):
+ 0, 0, (byte) 132, 0,
// source address:
(byte) 0x20, (byte) 0x01, (byte) 0x0d, (byte) 0xb8, (byte) 0x85, (byte) 0xa3, (byte) 0x08, (byte) 0xd3,
(byte) 0x13, (byte) 0x19, (byte) 0x8a, (byte) 0x2e, (byte) 0x03, (byte) 0x70, (byte) 0x73, (byte) 0x48,