public static ClassifierName getClassifierRefName(SecurityRule secRule) { Direction direction = SecRuleEntityDecoder.getDirection(secRule); ClassifierName classifierInstanceName = getClassifierInstanceName(secRule); String crName = new StringBuilder().append(direction.name()) .append(MappingUtils.NAME_DOUBLE_DELIMETER) .append(classifierInstanceName.getValue()) .toString(); return new ClassifierName(crName); }
if (direction.equals(Direction.Out) ) { actions = addActionBuilder(actions, nxPushNshAction(), order); actions = addActionBuilder(actions, nxLoadNshMdtypeAction(Short.valueOf((short)0x1)), order);
ruleClassifierBuilder.setDirection(Direction.forValue(classifierRef.getDirection().getIntValue())); } else { ruleClassifierBuilder.setDirection(Direction.Bidirectional);
private Pair<? extends EpgKey, ? extends EpgKey> getMatchingEpgs(Set<Pair<ConsEpgKey, ProvEpgKey>> epgsForContract, Set<EpgKey> epgsFromSrcEp, Set<EpgKey> epgsFromDstEp, Direction direction) { if (direction == null || Direction.Bidirectional == direction) { LOG.info("The bidirectional direction is not supported."); return null; } for (Pair<ConsEpgKey, ProvEpgKey> epgForContract : epgsForContract) { ConsEpgKey consEpg = epgForContract.getLeft(); ProvEpgKey provEpg = epgForContract.getRight(); if (epgsFromSrcEp.contains(consEpg) && epgsFromDstEp.contains(provEpg)) { if (Direction.In.equals(direction)) { return Pair.of(consEpg, provEpg); } else if (Direction.Out.equals(direction)) { return Pair.of(provEpg, consEpg); } } if (epgsFromSrcEp.contains(provEpg) && epgsFromDstEp.contains(consEpg)) { if (Direction.In.equals(direction)) { return Pair.of(consEpg, provEpg); } else if (Direction.Out.equals(direction)) { return Pair.of(provEpg, consEpg); } } } LOG.info( "EPGs of srcEP and dstEp does not match against EPGs for contract:" + "\nsrcEP EPGs: {}\ndstEP EPGs: {}\nEPGs for contract: {}", epgsFromSrcEp, epgsFromDstEp, epgsForContract); return null; }
public static void createChainTunnelFlows(SfcNshHeader sfcNshHeader, NetworkElements netElements, OfWriter ofWriter, OfContext ctx, Direction direction) { NodeId localNodeId = netElements.getLocalNodeId(); EndpointFwdCtxOrdinals epOrdinals = netElements.getSrcEpOrdinals(); NodeConnectorId localNodeTunPort = ctx.getSwitchManager().getTunnelPort(localNodeId, TunnelTypeVxlanGpe.class); Ipv4Address tunDestAddress = ctx.getSwitchManager() .getTunnelIP(netElements.getDstNodeId(), TunnelTypeVxlanGpe.class) .getIpv4Address(); if (localNodeTunPort == null) { LOG.error("createChainTunnelFlows: No valid VXLAN GPE tunnel for Node {} ", localNodeId); return; } if (direction.equals(Direction.In)) { ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY(), allowFromChainPort( sfcNshHeader, localNodeTunPort, ctx.getPolicyManager().getTABLEID_PORTSECURITY(), ctx)); for (Flow flow : createChainTunnelFlow(sfcNshHeader, localNodeTunPort, netElements, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), ctx)) { ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), flow); } ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER(), allowFromChainTunnel(localNodeTunPort, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER())); ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), createChainBroadcastFlow(sfcNshHeader, localNodeTunPort, epOrdinals, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), ctx)); } else { ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_EXTERNAL_MAPPER(), createExternalFlow(sfcNshHeader, localNodeTunPort, netElements, ctx.getPolicyManager(), ctx.getSwitchManager(), tunDestAddress)); } }
private MatchBuilder createBaseMatch(Direction direction, NetworkElements netElements, IpPrefix sIpPrefix, IpPrefix dIpPrefix) { MatchBuilder baseMatch = new MatchBuilder(); if (direction.equals(Direction.In)) { addNxRegMatch(baseMatch, RegMatch.of(NxmNxReg0.class, (long) netElements.getDstEpOrdinals().getEpgId()), RegMatch.of(NxmNxReg1.class, (long) netElements.getDstEpOrdinals().getCgId()), RegMatch.of(NxmNxReg2.class, (long) netElements.getSrcEpOrdinals().getEpgId()), RegMatch.of(NxmNxReg3.class, (long) netElements.getSrcEpOrdinals().getCgId())); if (sIpPrefix != null) { baseMatch.setLayer3Match(createLayer3Match(sIpPrefix, true)); } if (dIpPrefix != null) { baseMatch.setLayer3Match(createLayer3Match(dIpPrefix, false)); } } else { addNxRegMatch(baseMatch, RegMatch.of(NxmNxReg0.class, (long) netElements.getSrcEpOrdinals().getEpgId()), RegMatch.of(NxmNxReg1.class, (long) netElements.getSrcEpOrdinals().getCgId()), RegMatch.of(NxmNxReg2.class, (long) netElements.getDstEpOrdinals().getEpgId()), RegMatch.of(NxmNxReg3.class, (long) netElements.getDstEpOrdinals().getCgId())); if (sIpPrefix != null) { baseMatch.setLayer3Match(createLayer3Match(sIpPrefix, false)); } if (dIpPrefix != null) { baseMatch.setLayer3Match(createLayer3Match(dIpPrefix, true)); } } return baseMatch; }
private static Rule createRuleAllow(ClassifierName classifierName, Direction direction) { ClassifierName name = new ClassifierName(direction.name() + MappingUtils.NAME_DOUBLE_DELIMETER + classifierName.getValue()); ClassifierRef classifierRef = new ClassifierRefBuilder().setName(name) .setInstanceName(classifierName) .setDirection(direction) .build(); return new RuleBuilder().setName(new RuleName(name)) .setActionRef(ImmutableList.<ActionRef>of(MappingUtils.ACTION_REF_ALLOW)) .setClassifierRef(ImmutableList.of(classifierRef)) .build(); }
private boolean isSameDirection(Direction direction, Rule rule) { for (ClassifierRef classifier : rule.getClassifierRef()) { if (direction.equals(classifier.getDirection()) || direction.equals(Direction.Bidirectional) || Direction.Bidirectional.equals(classifier.getDirection())) { return true; } } return false; }