From 7fa476774566cce370c5a5e97b410746bc3b4484 Mon Sep 17 00:00:00 2001 From: Marek Gradzki Date: Tue, 11 Oct 2016 12:35:51 +0200 Subject: HONEYCOMB-258: fix protocol field translation in ACEs It was translated to version field, but should be to protocol/next header field. Change-Id: I0cf23fdd43246bcc559f61d97701c9153e9b3607 Signed-off-by: Marek Gradzki --- .../v3po/interfaces/acl/ingress/AceIp4Writer.java | 15 +++++------ .../v3po/interfaces/acl/ingress/AceIp6Writer.java | 24 ++++++++--------- .../interfaces/acl/ingress/AceIp4WriterTest.java | 30 +++++++++++++++++----- .../interfaces/acl/ingress/AceIp6WriterTest.java | 16 +++++++----- 4 files changed, 51 insertions(+), 34 deletions(-) (limited to 'v3po') diff --git a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java index 939954f40..2f8d030ae 100644 --- a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java +++ b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4Writer.java @@ -45,9 +45,10 @@ final class AceIp4Writer extends AbstractAceWriter implements Ipv4Transla private static final int ETHER_TYPE_OFFSET = 12; // first 14 bytes represent L2 header (2x6) private static final int IP_VERSION_OFFSET = ETHER_TYPE_OFFSET+2; - private static final int IP_VERSION_MASK = 0xf0; private static final int DSCP_OFFSET = 15; private static final int DSCP_MASK = 0xfc; + private static final int IP_PROTOCOL_OFFSET = IP_VERSION_OFFSET+9; + private static final int IP_PROTOCOL_MASK = 0xff; private static final int IP4_LEN = 4; private static final int SRC_IP_OFFSET = IP_VERSION_OFFSET + 12; private static final int DST_IP_OFFSET = SRC_IP_OFFSET + IP4_LEN; @@ -100,16 +101,15 @@ final class AceIp4Writer extends AbstractAceWriter implements Ipv4Transla request.mask[baseOffset + ETHER_TYPE_OFFSET + 1] = (byte) 0xff; } - // First 14 bytes represent l2 header (2x6 + etherType(2)) - if (aceIp.getProtocol() != null) { // Internet Protocol number - request.mask[baseOffset + IP_VERSION_OFFSET] = (byte) IP_VERSION_MASK; // first 4 bits - } - if (aceIp.getDscp() != null) { aceIsEmpty = false; request.mask[baseOffset + DSCP_OFFSET] = (byte) DSCP_MASK; // first 6 bits } + if (aceIp.getProtocol() != null) { // Internet Protocol number + request.mask[baseOffset + IP_PROTOCOL_OFFSET] = (byte) IP_PROTOCOL_MASK; + } + if (aceIp.getSourcePortRange() != null) { LOG.warn("L4 Header fields are not supported. Ignoring {}", aceIp.getSourcePortRange()); } @@ -163,8 +163,7 @@ final class AceIp4Writer extends AbstractAceWriter implements Ipv4Transla } if (aceIp.getProtocol() != null) { - request.match[baseOffset + IP_VERSION_OFFSET] = - (byte) (IP_VERSION_MASK & (aceIp.getProtocol().intValue() << 4)); + request.match[baseOffset + IP_PROTOCOL_OFFSET] = (byte) (IP_PROTOCOL_MASK & aceIp.getProtocol()); } if (aceIp.getDscp() != null) { diff --git a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java index 911b5379f..f1cccba92 100644 --- a/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java +++ b/v3po/v3po2vpp/src/main/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6Writer.java @@ -46,9 +46,10 @@ final class AceIp6Writer extends AbstractAceWriter { private static final int ETHER_TYPE_OFFSET = 12; // first 14 bytes represent L2 header (2x6) private static final int IP_VERSION_OFFSET = ETHER_TYPE_OFFSET+2; - private static final int IP_VERSION_MASK = 0xf0; private static final int DSCP_MASK1 = 0x0f; private static final int DSCP_MASK2 = 0xc0; + private static final int IP_PROTOCOL_OFFSET = IP_VERSION_OFFSET+6; + private static final int IP_PROTOCOL_MASK = 0xff; private static final int IP6_LEN = 16; private static final int SRC_IP_OFFSET = IP_VERSION_OFFSET + 8; private static final int DST_IP_OFFSET = SRC_IP_OFFSET + IP6_LEN; @@ -114,11 +115,6 @@ final class AceIp6Writer extends AbstractAceWriter { request.mask[baseOffset + ETHER_TYPE_OFFSET + 1] = (byte) 0xff; } - if (aceIp.getProtocol() != null) { - aceIsEmpty = false; - request.mask[baseOffset + IP_VERSION_OFFSET] |= IP_VERSION_MASK; - } - if (aceIp.getDscp() != null) { aceIsEmpty = false; // DCSP (bits 4-9 of IP6 header) @@ -126,6 +122,11 @@ final class AceIp6Writer extends AbstractAceWriter { request.mask[baseOffset + IP_VERSION_OFFSET + 1] |= DSCP_MASK2; } + if (aceIp.getProtocol() != null) { + aceIsEmpty = false; + request.mask[baseOffset + IP_PROTOCOL_OFFSET] = (byte) IP_PROTOCOL_MASK; + } + if (aceIp.getSourcePortRange() != null) { LOG.warn("L4 Header fields are not supported. Ignoring {}", aceIp.getSourcePortRange()); } @@ -184,12 +185,6 @@ final class AceIp6Writer extends AbstractAceWriter { request.match[baseOffset + ETHER_TYPE_OFFSET + 1] = (byte) 0xdd; } - if (aceIp.getProtocol() != null) { - noMatch = false; - request.match[baseOffset + IP_VERSION_OFFSET] |= - (byte) (IP_VERSION_MASK & (aceIp.getProtocol().intValue() << 4)); - } - if (aceIp.getDscp() != null) { noMatch = false; final int dscp = aceIp.getDscp().getValue(); @@ -198,6 +193,11 @@ final class AceIp6Writer extends AbstractAceWriter { request.match[baseOffset + IP_VERSION_OFFSET + 1] |= (byte) (DSCP_MASK2 & (dscp << 6)); } + if (aceIp.getProtocol() != null) { + noMatch = false; + request.match[baseOffset + IP_PROTOCOL_OFFSET] = (byte) (IP_PROTOCOL_MASK & aceIp.getProtocol()); + } + if (aceIp.getSourcePortRange() != null) { LOG.warn("L4 Header fields are not supported. Ignoring {}", aceIp.getSourcePortRange()); } diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java index 69fcf8d8c..1a7045529 100644 --- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java +++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp4WriterTest.java @@ -50,7 +50,7 @@ public class AceIp4WriterTest { writer = new AceIp4Writer(jvpp); action = new DenyBuilder().setDeny(true).build(); aceIp = new AceIpBuilder() - .setProtocol((short) 4) + .setProtocol((short) 132) .setDscp(new Dscp((short) 11)) .setAceIpVersion(new AceIpv4Builder() .setSourceIpv4Network(new Ipv4Prefix("1.2.3.4/32")) @@ -70,9 +70,17 @@ public class AceIp4WriterTest { assertEquals(AceIp4Writer.TABLE_MEM_SIZE, request.memorySize); byte[] expectedMask = new byte[] { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0xf0, (byte) 0xfc, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, -1, -1, -1, -1, - -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + // L2: + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + // dscp: + (byte) 0x00, (byte) 0xfc, + // protocol: + 0, 0, 0, 0, 0, 0, 0, (byte) 0xff, 0, 0, + // source address: + -1, -1, -1, -1, + // destination address: + -1, -1, -1, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; if (isL2) { @@ -90,9 +98,17 @@ public class AceIp4WriterTest { assertEquals(0, request.hitNextIndex); byte[] expectedMatch = new byte[] { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0x40, (byte) 0x2c, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 1, 2, - 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + // L2: + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + // dscp: + 0, (byte) 0x2c, + // protocol (132): + 0, 0, 0, 0, 0, 0, 0, (byte) 132, 0, 0, + // source address: + 1, 2, 3, 4, + // destination address: + 1, 2, 4, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; if (isL2) { diff --git a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java index dbb3bd5fe..01eaa454d 100644 --- a/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java +++ b/v3po/v3po2vpp/src/test/java/io/fd/honeycomb/translate/v3po/interfaces/acl/ingress/AceIp6WriterTest.java @@ -51,7 +51,7 @@ public class AceIp6WriterTest { writer = new AceIp6Writer(jvpp); action = new DenyBuilder().setDeny(true).build(); aceIp = new AceIpBuilder() - .setProtocol((short) 6) + .setProtocol((short) 132) .setDscp(new Dscp((short) 11)) .setAceIpVersion(new AceIpv6Builder() .setFlowLabel(new Ipv6FlowLabel(123L)) @@ -75,9 +75,10 @@ public class AceIp6WriterTest { byte[] expectedMask = new byte[] { // L2: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - // version, dscp, flow: - (byte) 0xff, (byte) 0xcf, (byte) 0xff, (byte) 0xff, - 0, 0, 0, 0, + // dscp, flow: + (byte) 0x0f, (byte) 0xcf, (byte) 0xff, (byte) 0xff, + // protocol: + 0, 0, (byte) 0xff, 0, // source address: (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, @@ -104,9 +105,10 @@ public class AceIp6WriterTest { byte[] expectedMatch = new byte[] { // L2: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - // version(6), dscp(11), flow(123): - (byte) 0x62, (byte) 0xc0, (byte) 0x00, (byte) 0x7b, - 0, 0, 0, 0, + // dscp(11), flow(123): + (byte) 0x02, (byte) 0xc0, (byte) 0x00, (byte) 0x7b, + // protocol (132): + 0, 0, (byte) 132, 0, // source address: (byte) 0x20, (byte) 0x01, (byte) 0x0d, (byte) 0xb8, (byte) 0x85, (byte) 0xa3, (byte) 0x08, (byte) 0xd3, (byte) 0x13, (byte) 0x19, (byte) 0x8a, (byte) 0x2e, (byte) 0x03, (byte) 0x70, (byte) 0x73, (byte) 0x48, -- cgit 1.2.3-korg