import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
public final class AclWriterFactory implements WriterFactory {
final InstanceIdentifier<Ace> aceId = aclIdRelative.child(AccessListEntries.class).child(Ace.class);
final InstanceIdentifier<Actions> actionsId = aceId.child(Actions.class);
final InstanceIdentifier<Matches> matchesId = aceId.child(Matches.class);
+ final InstanceIdentifier<SourcePortRange> srcPortId = matchesId.child((Class)SourcePortRange.class);
+ final InstanceIdentifier<DestinationPortRange> dstPortId = matchesId.child((Class)DestinationPortRange.class);
- registry.subtreeAddBefore(Sets.newHashSet(aceId, actionsId, matchesId),
+ registry.subtreeAddBefore(Sets.newHashSet(aceId, actionsId, matchesId, srcPortId, dstPortId),
new GenericListWriter<>(ACL_ID, new IetfAclWriter()),
Sets.newHashSet(IETF_ACL_ID, SUBIF_IETF_ACL_ID));
}
import com.google.common.annotations.VisibleForTesting;
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSession;
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTable;
+import java.util.Collections;
+import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
}
@Override
- public ClassifyAddDelSession createSession(@Nonnull final PacketHandling action,
- @Nonnull final AceEth aceEth,
- @Nullable final InterfaceMode mode,
- final int tableIndex,
- final int vlanTags) {
+ public List<ClassifyAddDelSession> createSession(@Nonnull final PacketHandling action,
+ @Nonnull final AceEth aceEth,
+ @Nullable final InterfaceMode mode,
+ final int tableIndex,
+ final int vlanTags) {
final ClassifyAddDelSession request = createSession(action, tableIndex);
request.match = new byte[16];
}
LOG.debug("ACE action={}, rule={} translated to session={}.", action, aceEth, request);
- return request;
+ return Collections.singletonList(request);
}
}
import com.google.common.annotations.VisibleForTesting;
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSession;
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTable;
+import java.util.ArrayList;
+import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
checkArgument(aceIp.getAceIpVersion() instanceof AceIpv4, "Expected AceIpv4 version, but was %", aceIp);
final AceIpv4 ipVersion = (AceIpv4) aceIp.getAceIpVersion();
- final ClassifyAddDelTable request = createTable(nextTableIndex);
+ final int numberOfSessions = PortPair.fromRange(aceIp.getSourcePortRange(), aceIp.getDestinationPortRange()).size();
+ final ClassifyAddDelTable request = createTable(nextTableIndex, numberOfSessions);
request.skipNVectors = 0; // match entire L2 and L3 header
request.matchNVectors = MATCH_N_VECTORS;
request.mask = new byte[TABLE_MASK_LENGTH];
final int baseOffset = getVlanTagsLen(vlanTags);
- boolean aceIsEmpty = ip4Mask(baseOffset, mode, aceIp, ipVersion, request, LOG);
+ boolean aceIsEmpty = ip4Mask(baseOffset, mode, aceIp, ipVersion, request);
if (aceIsEmpty) {
throw new IllegalArgumentException(
String.format("Ace %s does not define packet field match values", aceIp.toString()));
}
@Override
- public ClassifyAddDelSession createSession(@Nonnull final PacketHandling action,
- @Nonnull final AceIp aceIp,
- @Nullable final InterfaceMode mode,
- final int tableIndex,
- final int vlanTags) {
+ public List<ClassifyAddDelSession> createSession(@Nonnull final PacketHandling action,
+ @Nonnull final AceIp aceIp,
+ @Nullable final InterfaceMode mode,
+ final int tableIndex,
+ final int vlanTags) {
checkArgument(aceIp.getAceIpVersion() instanceof AceIpv4, "Expected AceIpv4 version, but was %", aceIp);
final AceIpv4 ipVersion = (AceIpv4) aceIp.getAceIpVersion();
- final ClassifyAddDelSession request = createSession(action, tableIndex);
- request.match = new byte[TABLE_MASK_LENGTH];
+ final List<PortPair> portPairs = PortPair.fromRange(aceIp.getSourcePortRange(), aceIp.getDestinationPortRange());
+ final List<ClassifyAddDelSession> requests = new ArrayList<>(portPairs.size());
+ for (final PortPair pair : portPairs) {
+ final ClassifyAddDelSession request = createSession(action, tableIndex);
+ request.match = new byte[TABLE_MASK_LENGTH];
- final int baseOffset = getVlanTagsLen(vlanTags);
- boolean noMatch = ip4Match(baseOffset, mode, aceIp, ipVersion, request, LOG);
- if (noMatch) {
- throw new IllegalArgumentException(
- String.format("Ace %s does not define packet field match values", aceIp.toString()));
- }
+ final int baseOffset = getVlanTagsLen(vlanTags);
+ boolean noMatch = ip4Match(baseOffset, mode, aceIp, ipVersion, pair.getSrc(), pair.getDst(), request);
+ if (noMatch) {
+ throw new IllegalArgumentException(
+ String.format("Ace %s does not define packet field match values", aceIp.toString()));
+ }
- LOG.debug("ACE action={}, rule={} translated to session={}.", action, aceIp, request);
- return request;
+ LOG.debug("ACE action={}, rule={} translated to session={}.", action, aceIp, request);
+ requests.add(request);
+ }
+ return requests;
}
}
import static com.google.common.base.Preconditions.checkArgument;
-import com.google.common.annotations.VisibleForTesting;
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSession;
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTable;
+import java.util.ArrayList;
+import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
final class AceIp6Writer implements AceWriter<AceIp>, AclTranslator, Ip6AclTranslator {
- @VisibleForTesting
- static final int MATCH_N_VECTORS = 4; // number of 16B vectors
- private static final int TABLE_MASK_LENGTH = 64;
private static final Logger LOG = LoggerFactory.getLogger(AceIp6Writer.class);
@Override
checkArgument(aceIp.getAceIpVersion() instanceof AceIpv6, "Expected AceIpv6 version, but was %", aceIp);
final AceIpv6 ipVersion = (AceIpv6) aceIp.getAceIpVersion();
- final ClassifyAddDelTable request = createTable(nextTableIndex);
+ final int numberOfSessions = PortPair.fromRange(aceIp.getSourcePortRange(), aceIp.getDestinationPortRange()).size();
+ final ClassifyAddDelTable request = createTable(nextTableIndex, numberOfSessions);
request.skipNVectors = 0; // match entire L2 and L3 header
- request.matchNVectors = MATCH_N_VECTORS;
- request.mask = new byte[TABLE_MASK_LENGTH];
+ request.mask = new byte[getTableMaskLength(vlanTags)];
+ request.matchNVectors = request.mask.length/16;
final int baseOffset = getVlanTagsLen(vlanTags);
- boolean aceIsEmpty = ip6Mask(baseOffset, mode, aceIp, ipVersion, request, LOG);
+ boolean aceIsEmpty = ip6Mask(baseOffset, mode, aceIp, ipVersion, request);
if (aceIsEmpty) {
throw new IllegalArgumentException(
String.format("Ace %s does not define packet field match values", aceIp.toString()));
return request;
}
+ private static int getTableMaskLength(final int vlanTags) {
+ if (vlanTags == 2) {
+ return 80;
+ } else {
+ return 64;
+ }
+ }
+
@Override
- public ClassifyAddDelSession createSession(@Nonnull final PacketHandling action,
- @Nonnull final AceIp aceIp,
- @Nullable final InterfaceMode mode,
- final int tableIndex,
- final int vlanTags) {
+ public List<ClassifyAddDelSession> createSession(@Nonnull final PacketHandling action,
+ @Nonnull final AceIp aceIp,
+ @Nullable final InterfaceMode mode,
+ final int tableIndex,
+ final int vlanTags) {
checkArgument(aceIp.getAceIpVersion() instanceof AceIpv6, "Expected AceIpv6 version, but was %", aceIp);
final AceIpv6 ipVersion = (AceIpv6) aceIp.getAceIpVersion();
+ final List<PortPair> portPairs =
+ PortPair.fromRange(aceIp.getSourcePortRange(), aceIp.getDestinationPortRange());
- final ClassifyAddDelSession request = createSession(action, tableIndex);
- request.match = new byte[TABLE_MASK_LENGTH];
+ final List<ClassifyAddDelSession> requests = new ArrayList<>(portPairs.size());
+ for (final PortPair pair : portPairs) {
+ final ClassifyAddDelSession request = createSession(action, tableIndex);
+ request.match = new byte[getTableMaskLength(vlanTags)];
- final int baseOffset = getVlanTagsLen(vlanTags);
- boolean noMatch = ip6Match(baseOffset, mode, aceIp, ipVersion, request, LOG);
- if (noMatch) {
- throw new IllegalArgumentException(
- String.format("Ace %s does not define packet field match values", aceIp.toString()));
- }
+ final int baseOffset = getVlanTagsLen(vlanTags);
+ boolean noMatch = ip6Match(baseOffset, mode, aceIp, ipVersion, pair.getSrc(), pair.getDst(), request);
+ if (noMatch) {
+ throw new IllegalArgumentException(
+ String.format("Ace %s does not define packet field match values", aceIp.toString()));
+ }
- LOG.debug("ACE action={}, rule={} translated to session={}.", action, aceIp, request);
- return request;
+ LOG.debug("ACE action={}, rule={} translated to session={}.", action, aceIp, request);
+ requests.add(request);
+ }
+ return requests;
}
}
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSession;
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTable;
+import java.util.ArrayList;
+import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
private static final Logger LOG = LoggerFactory.getLogger(AceIpAndEthWriter.class);
- private static int maskLength(@Nonnull final AceIpAndEth ace) {
+ private static int maskLength(@Nonnull final AceIpAndEth ace, final int vlanTags) {
if (ace.getAceIpVersion() != null) {
if (ace.getAceIpVersion() instanceof AceIpv4) {
return 48;
} else {
- return 64;
+ return vlanTags == 2
+ ? 80
+ : 64;
}
}
return 16;
@Override
public ClassifyAddDelTable createTable(@Nonnull final AceIpAndEth ace, @Nullable final InterfaceMode mode,
final int nextTableIndex, final int vlanTags) {
- final ClassifyAddDelTable request = createTable(nextTableIndex);
- final int maskLength = maskLength(ace);
+ final int numberOfSessions = PortPair.fromRange(ace.getSourcePortRange(), ace.getDestinationPortRange()).size();
+ final ClassifyAddDelTable request = createTable(nextTableIndex, numberOfSessions);
+ final int maskLength = maskLength(ace, vlanTags);
request.mask = new byte[maskLength];
request.skipNVectors = 0;
request.matchNVectors = maskLength / 16;
final int baseOffset = getVlanTagsLen(vlanTags);
if (aceIpVersion instanceof AceIpv4) {
final AceIpv4 ipVersion = (AceIpv4) aceIpVersion;
- aceIsEmpty &= ip4Mask(baseOffset, mode, ace, ipVersion, request, LOG);
+ aceIsEmpty &= ip4Mask(baseOffset, mode, ace, ipVersion, request);
} else if (aceIpVersion instanceof AceIpv6) {
final AceIpv6 ipVersion = (AceIpv6) aceIpVersion;
- aceIsEmpty &= ip6Mask(baseOffset, mode, ace, ipVersion, request, LOG);
+ aceIsEmpty &= ip6Mask(baseOffset, mode, ace, ipVersion, request);
} else {
throw new IllegalArgumentException(String.format("Unsupported IP version %s", aceIpVersion));
}
}
@Override
- public ClassifyAddDelSession createSession(@Nonnull final PacketHandling action,
- @Nonnull final AceIpAndEth ace,
- @Nullable final InterfaceMode mode, final int tableIndex,
- final int vlanTags) {
- final ClassifyAddDelSession request = createSession(action, tableIndex);
- request.match = new byte[maskLength(ace)];
-
- boolean noMatch = destinationMacAddressMatch(ace.getDestinationMacAddress(), request);
- noMatch &= sourceMacAddressMatch(ace.getSourceMacAddress(), request);
-
- final AceIpVersion aceIpVersion = ace.getAceIpVersion();
- checkArgument(aceIpVersion != null, "AceIpAndEth have to define IpVersion");
-
- final int baseOffset = getVlanTagsLen(vlanTags);
- if (aceIpVersion instanceof AceIpv4) {
- final AceIpv4 ipVersion = (AceIpv4) aceIpVersion;
- noMatch &= ip4Match(baseOffset, mode, ace, ipVersion, request, LOG);
- } else if (aceIpVersion instanceof AceIpv6) {
- final AceIpv6 ipVersion = (AceIpv6) aceIpVersion;
- noMatch &= ip6Match(baseOffset, mode, ace, ipVersion, request, LOG);
- } else {
- throw new IllegalArgumentException(String.format("Unsupported IP version %s", aceIpVersion));
- }
+ public List<ClassifyAddDelSession> createSession(@Nonnull final PacketHandling action,
+ @Nonnull final AceIpAndEth ace,
+ @Nullable final InterfaceMode mode, final int tableIndex,
+ final int vlanTags) {
+ final List<PortPair> portPairs = PortPair.fromRange(ace.getSourcePortRange(), ace.getDestinationPortRange());
+ final List<ClassifyAddDelSession> requests = new ArrayList<>(portPairs.size());
+ for (final PortPair pair : portPairs) {
+ final ClassifyAddDelSession request = createSession(action, tableIndex);
+ request.match = new byte[maskLength(ace, vlanTags)];
+
+ boolean noMatch = destinationMacAddressMatch(ace.getDestinationMacAddress(), request);
+ noMatch &= sourceMacAddressMatch(ace.getSourceMacAddress(), request);
+
+ final AceIpVersion aceIpVersion = ace.getAceIpVersion();
+ checkArgument(aceIpVersion != null, "AceIpAndEth have to define IpVersion");
+
+ final int baseOffset = getVlanTagsLen(vlanTags);
+ if (aceIpVersion instanceof AceIpv4) {
+ final AceIpv4 ipVersion = (AceIpv4) aceIpVersion;
+ noMatch &= ip4Match(baseOffset, mode, ace, ipVersion, pair.getSrc(), pair.getDst(), request);
+ } else if (aceIpVersion instanceof AceIpv6) {
+ final AceIpv6 ipVersion = (AceIpv6) aceIpVersion;
+ noMatch &= ip6Match(baseOffset, mode, ace, ipVersion, pair.getSrc(), pair.getDst(), request);
+ } else {
+ throw new IllegalArgumentException(String.format("Unsupported IP version %s", aceIpVersion));
+ }
- if (noMatch) {
- throw new IllegalArgumentException(
- String.format("Ace %s does not define packet field match values", ace.toString()));
+ if (noMatch) {
+ throw new IllegalArgumentException(
+ String.format("Ace %s does not define packet field match values", ace.toString()));
+ }
+ LOG.debug("ACE action={}, rule={} translated to session={}.", action, ace, request);
+ requests.add(request);
}
-
- LOG.debug("ACE action={}, rule={} translated to session={}.", action, ace, request);
- return request;
+ return requests;
}
}
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSession;
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTable;
+import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
* @param vlanTags number of vlan tags
*/
@Nonnull
- ClassifyAddDelSession createSession(@Nonnull final PacketHandling action, @Nonnull T ace,
- @Nullable final InterfaceMode mode, final int tableIndex, final int vlanTags);
+ List<ClassifyAddDelSession> createSession(@Nonnull final PacketHandling action, @Nonnull T ace,
+ @Nullable final InterfaceMode mode, final int tableIndex, final int vlanTags);
}
package io.fd.honeycomb.translate.v3po.interfaces.acl.ingress;
+import static com.google.common.base.Preconditions.checkArgument;
+
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelSession;
import io.fd.vpp.jvpp.core.dto.ClassifyAddDelTable;
+import javax.annotation.Nonnegative;
import javax.annotation.Nonnull;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit;
* Utility that helps translating of ietf-acl model ACEs to VPP's classify tables and sessions.
*/
interface AclTranslator {
-
- // TODO: HONEYCOMB-181 minimise memory used by classify tables (we create a lot of them to make ietf-acl model
- // mapping more convenient):
- // according to https://wiki.fd.io/view/VPP/Introduction_To_N-tuple_Classifiers#Creating_a_classifier_table,
- // classify table needs 16*(1 + match_n_vectors) bytes, but this does not quite work, so setting 8K for now
int TABLE_MEM_SIZE = 8 * 1024;
int VLAN_TAG_LEN = 4;
default ClassifyAddDelTable createTable(final int nextTableIndex) {
+ return createTable(nextTableIndex, 1);
+ }
+
+ default ClassifyAddDelTable createTable(final int nextTableIndex, @Nonnegative final int numberOfSessions) {
final ClassifyAddDelTable request = new ClassifyAddDelTable();
request.isAdd = 1;
request.tableIndex = -1; // value not present
- request.nbuckets = 1; // we expect exactly one session per table
+ request.nbuckets = numberOfSessions;
request.nextTableIndex = nextTableIndex;
- request.memorySize = TABLE_MEM_SIZE;
+
+
+ // TODO: HONEYCOMB-181 minimise memory used by classify tables (we create a lot of them to make ietf-acl model
+ // mapping more convenient):
+ // according to https://wiki.fd.io/view/VPP/Introduction_To_N-tuple_Classifiers#Creating_a_classifier_table,
+ // classify table needs 16*(1 + match_n_vectors) bytes, but this does not quite work,
+ // so setting 8K +1k*numberOfSessions for now
+ checkArgument(numberOfSessions>0, "negative numberOfSessions %s", numberOfSessions);
+ request.memorySize = TABLE_MEM_SIZE+1024*(numberOfSessions-1);
request.missNextIndex = -1; // value not set, but anyway it is ignored for tables in chain
return request;
}
// ietf-acl updates are handled first, so we use writeContext.readAfter
final Optional<org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl>
- aclOptional = writeContext.readAfter(io.fd.honeycomb.translate.v3po.interfaces.acl.IetfAclWriter.ACL_ID.child(
- org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl.class,
- new AclKey(aclName, aclType)));
+ aclOptional =
+ writeContext.readAfter(io.fd.honeycomb.translate.v3po.interfaces.acl.IetfAclWriter.ACL_ID.child(
+ org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl.class,
+ new AclKey(aclName, aclType)));
checkArgument(aclOptional.isPresent(), "Acl lists not configured");
final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl
acl = aclOptional.get();
if (aceType instanceof AceEth) {
return true; // L2 only rules are possible for IP4 traffic
}
- if (aceType instanceof AceIpAndEth && ((AceIpAndEth)aceType).getAceIpVersion() instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.and.eth.ace.ip.version.AceIpv4) {
+ if (aceType instanceof AceIpAndEth && ((AceIpAndEth) aceType)
+ .getAceIpVersion() instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.and.eth.ace.ip.version.AceIpv4) {
return true;
}
return false;
if (aceType instanceof AceEth) {
return true; // L2 only rules are possible for IP6 traffic
}
- if (aceType instanceof AceIpAndEth && ((AceIpAndEth)aceType).getAceIpVersion() instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.and.eth.ace.ip.version.AceIpv6) {
+ if (aceType instanceof AceIpAndEth && ((AceIpAndEth) aceType)
+ .getAceIpVersion() instanceof org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.and.eth.ace.ip.version.AceIpv6) {
return true;
}
return false;
}
private static List<Ace> getACEs(@Nonnull final List<Acl> acls, @Nonnull final WriteContext writeContext,
- final Predicate<? super Ace> filter) {
+ final Predicate<? super Ace> filter) {
return acls.stream().flatMap(acl -> aclToAceStream(acl, writeContext)).filter(filter)
.collect(Collectors.toList());
}
final PacketHandling action = ace.getActions().getPacketHandling();
final ClassifyAddDelTable ctRequest = aceWriter.createTable(aceType, mode, nextTableIndex, vlanTags);
nextTableIndex = createClassifyTable(id, ctRequest);
- final ClassifyAddDelSession csRequest =
+ final List<ClassifyAddDelSession> sessionRequests =
aceWriter.createSession(action, aceType, mode, nextTableIndex, vlanTags);
- createClassifySession(id, csRequest);
+ for (ClassifyAddDelSession csRequest : sessionRequests) {
+ createClassifySession(id, csRequest);
+ }
}
}
return nextTableIndex;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpHeaderFields;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv4HeaderFields;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.InterfaceMode;
-import org.slf4j.Logger;
public interface Ip4AclTranslator extends Ipv4Translator {
int ETHER_TYPE_OFFSET = 12; // first 14 bytes represent L2 header (2x6)
int IP4_MASK_BIT_LENGTH = 32;
int SRC_IP_OFFSET = ETHER_TYPE_OFFSET + 14;
int DST_IP_OFFSET = SRC_IP_OFFSET + IP4_LEN;
+ int SRC_PORT_OFFSET = DST_IP_OFFSET + IP4_LEN;
+ int DST_PORT_OFFSET = SRC_PORT_OFFSET + 2;
default boolean ip4Mask(final int baseOffset, final InterfaceMode mode, final AclIpHeaderFields header,
- final AclIpv4HeaderFields ip4, final ClassifyAddDelTable request, final Logger log) {
+ final AclIpv4HeaderFields ip4, final ClassifyAddDelTable request) {
boolean aceIsEmpty = true;
if (InterfaceMode.L2.equals(mode)) {
// in L2 mode we need to match ether type
request.mask[baseOffset + IP_PROTOCOL_OFFSET] = (byte) IP_PROTOCOL_MASK;
}
if (header.getSourcePortRange() != null) {
- log.warn("L4 Header fields are not supported. Ignoring {}", header.getSourcePortRange());
+ // TODO (HONEYCOMB-253): port matching will not work correctly if Options are present
+ aceIsEmpty = false;
+ request.mask[baseOffset + SRC_PORT_OFFSET] = (byte) 0xff;
+ request.mask[baseOffset + SRC_PORT_OFFSET + 1] = (byte) 0xff;
}
if (header.getDestinationPortRange() != null) {
- log.warn("L4 Header fields are not supported. Ignoring {}", header.getDestinationPortRange());
+ // TODO (HONEYCOMB-253): port matching will not work correctly if Options are present
+ aceIsEmpty = false;
+ request.mask[baseOffset + DST_PORT_OFFSET] = (byte) 0xff;
+ request.mask[baseOffset + DST_PORT_OFFSET + 1] = (byte) 0xff;
}
if (ip4.getSourceIpv4Network() != null) {
aceIsEmpty = false;
}
default boolean ip4Match(final int baseOffset, final InterfaceMode mode, final AclIpHeaderFields header,
- final AclIpv4HeaderFields ip4, final ClassifyAddDelSession request, final Logger log) {
+ final AclIpv4HeaderFields ip4, final Integer srcPort,
+ final Integer dstPort, final ClassifyAddDelSession request) {
boolean noMatch = true;
if (InterfaceMode.L2.equals(mode)) {
// match IP4 etherType (0x0800)
noMatch = false;
request.match[baseOffset + IP_PROTOCOL_OFFSET] = (byte) (IP_PROTOCOL_MASK & header.getProtocol());
}
- if (header.getSourcePortRange() != null) {
- log.warn("L4 Header fields are not supported. Ignoring {}", header.getSourcePortRange());
+ if (srcPort != null) {
+ // TODO (HONEYCOMB-253): port matching will not work correctly if Options are present
+ noMatch = false;
+ request.match[baseOffset + SRC_PORT_OFFSET] = (byte) (0xff & srcPort >> 8);
+ request.match[baseOffset + SRC_PORT_OFFSET + 1] = (byte) (0xff & srcPort);
}
if (header.getDestinationPortRange() != null) {
- log.warn("L4 Header fields are not supported. Ignoring {}", header.getDestinationPortRange());
+ // TODO (HONEYCOMB-253): port matching will not work correctly if Options are present
+ noMatch = false;
+ request.match[baseOffset + DST_PORT_OFFSET] = (byte) (0xff & dstPort >> 8);
+ request.match[baseOffset + DST_PORT_OFFSET + 1] = (byte) (0xff & dstPort);
}
if (ip4.getSourceIpv4Network() != null) {
noMatch = false;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpHeaderFields;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv6HeaderFields;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.InterfaceMode;
-import org.slf4j.Logger;
public interface Ip6AclTranslator {
int IP6_LEN = 16;
int SRC_IP_OFFSET = IP_VERSION_OFFSET + 8;
int DST_IP_OFFSET = SRC_IP_OFFSET + IP6_LEN;
+ int SRC_PORT_OFFSET = DST_IP_OFFSET + IP6_LEN;
+ int DST_PORT_OFFSET = SRC_PORT_OFFSET + 2;
default boolean ip6Mask(final int baseOffset, final InterfaceMode mode, final AclIpHeaderFields header,
- final AclIpv6HeaderFields ip6, final ClassifyAddDelTable request, final Logger log) {
+ final AclIpv6HeaderFields ip6, final ClassifyAddDelTable request) {
boolean aceIsEmpty = true;
if (InterfaceMode.L2.equals(mode)) {
// in L2 mode we need to match ether type
request.mask[baseOffset + IP_VERSION_OFFSET + 3] = (byte) 0xff;
}
if (header.getSourcePortRange() != null) {
- log.warn("L4 Header fields are not supported. Ignoring {}", header.getSourcePortRange());
+ // TODO (HONEYCOMB-253): port matching will not work correctly if Options are present
+ aceIsEmpty = false;
+ request.mask[baseOffset + SRC_PORT_OFFSET] = (byte) 0xff;
+ request.mask[baseOffset + SRC_PORT_OFFSET + 1] = (byte) 0xff;
}
if (header.getDestinationPortRange() != null) {
- log.warn("L4 Header fields are not supported. Ignoring {}", header.getDestinationPortRange());
+ // TODO (HONEYCOMB-253): port matching will not work correctly if Options are present
+ aceIsEmpty = false;
+ request.mask[baseOffset + DST_PORT_OFFSET] = (byte) 0xff;
+ request.mask[baseOffset + DST_PORT_OFFSET + 1] = (byte) 0xff;
}
if (ip6.getSourceIpv6Network() != null) {
aceIsEmpty = false;
}
default boolean ip6Match(final int baseOffset, final InterfaceMode mode, final AclIpHeaderFields header,
- final AclIpv6HeaderFields ip6, final ClassifyAddDelSession request, final Logger log) {
+ final AclIpv6HeaderFields ip6, final Integer srcPort, final Integer dstPort, final ClassifyAddDelSession request) {
boolean noMatch = true;
if (InterfaceMode.L2.equals(mode)) {
// match IP6 etherType (0x86dd)
request.match[baseOffset + IP_VERSION_OFFSET + 3] = (byte) (0xff & flowLabel);
}
if (header.getSourcePortRange() != null) {
- log.warn("L4 Header fields are not supported. Ignoring {}", header.getSourcePortRange());
+ // TODO (HONEYCOMB-253): port matching will not work correctly if Options are present
+ noMatch = false;
+ request.match[baseOffset + SRC_PORT_OFFSET] = (byte) (0xff & srcPort >> 8);
+ request.match[baseOffset + SRC_PORT_OFFSET + 1] = (byte) (0xff & srcPort);
}
if (header.getDestinationPortRange() != null) {
- log.warn("L4 Header fields are not supported. Ignoring {}", header.getDestinationPortRange());
+ // TODO (HONEYCOMB-253): port matching will not work correctly if Options are present
+ noMatch = false;
+ request.match[baseOffset + DST_PORT_OFFSET] = (byte) (0xff & dstPort >> 8);
+ request.match[baseOffset + DST_PORT_OFFSET + 1] = (byte) (0xff & dstPort);
}
if (ip6.getSourceIpv6Network() != null) {
noMatch = false;
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.honeycomb.translate.v3po.interfaces.acl.ingress;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.function.BiFunction;
+import javax.annotation.Nullable;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange;
+
+/**
+ * Utility that produces cartesian product out of src and dst port ranges (used to translate ranges into
+ * list of classify sessions).
+ */
+final class PortPair {
+ private final Integer src;
+ private final Integer dst;
+
+ PortPair(@Nullable final Integer src, @Nullable final Integer dst) {
+ this.src = src;
+ this.dst = dst;
+ }
+
+ Integer getSrc() {
+ return src;
+ }
+
+ Integer getDst() {
+ return dst;
+ }
+
+ @Override
+ public String toString() {
+ return "(" + src + "," + dst + ")";
+ }
+
+ @Override
+ public boolean equals(final Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+
+ final PortPair that = (PortPair) o;
+ if (!Objects.equals(src, that.src)) {
+ return false;
+ }
+ if (!Objects.equals(dst, that.dst)) {
+ return false;
+ }
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(src, dst);
+ }
+
+ static List<PortPair> fromRange(final SourcePortRange srcRange,
+ final DestinationPortRange dstRange) {
+ final List<PortPair> result = new ArrayList<>();
+ if (srcRange == null && dstRange == null) {
+ result.add(new PortPair(null, null));
+ } else if (srcRange != null && dstRange == null) {
+ processSingleRange(result, srcRange.getLowerPort(), srcRange.getUpperPort(), PortPair::new);
+ } else if (srcRange == null && dstRange != null) {
+ processSingleRange(result, dstRange.getLowerPort(), dstRange.getUpperPort(),
+ (dst, src) -> new PortPair(src, dst));
+ } else {
+ processDoubleRange(result, srcRange, dstRange);
+ }
+ return result;
+ }
+
+ private static void processSingleRange(final List<PortPair> result,
+ final PortNumber lowerPort,
+ final PortNumber upperPort,
+ final BiFunction<Integer, Integer, PortPair> f) {
+ int low = lowerPort.getValue(); // mandatory
+ int hi = low;
+ if (upperPort != null) {
+ hi = upperPort.getValue();
+ }
+ for (; low <= hi; ++low) {
+ result.add(f.apply(low, null));
+ }
+ }
+
+ private static void processDoubleRange(final List<PortPair> result, final SourcePortRange srcRange,
+ final DestinationPortRange dstRange) {
+ int srcL = srcRange.getLowerPort().getValue();
+ int srcH = srcL;
+ if (srcRange.getUpperPort() != null) {
+ srcH = srcRange.getUpperPort().getValue();
+ }
+ int dstL = dstRange.getLowerPort().getValue();
+ int dstH = dstL;
+ if (dstRange.getUpperPort() != null) {
+ dstH = dstRange.getUpperPort().getValue();
+ }
+ for (int i=srcL; i <= srcH; ++i) {
+ for (int j=dstL; j <= dstH; ++j) {
+ result.add(new PortPair(i, j));
+ }
+ }
+ }
+}
final ClassifySessionDump dumpRequest = new ClassifySessionDump();
dumpRequest.tableId = tableId;
+ final int timeOut = 30; // there can be many session with current ietf-acl implementation (could be probably
+ // removed after fixing HONEYCOMB-247)
classifySessionDump =
- getReplyForRead(getFutureJVpp().classifySessionDump(dumpRequest).toCompletableFuture(), id);
+ getReplyForRead(getFutureJVpp().classifySessionDump(dumpRequest).toCompletableFuture(), id, timeOut);
if (classifySessionDump != null) {
// update the cache:
@Test
public void testCreateClassifySession() {
final int tableIndex = 123;
- final ClassifyAddDelSession request = writer.createSession(action, aceEth, InterfaceMode.L2, tableIndex, 0);
+ final ClassifyAddDelSession request = writer.createSession(action, aceEth, InterfaceMode.L2, tableIndex, 0).get(0);
assertEquals(1, request.isAdd);
assertEquals(tableIndex, request.tableIndex);
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Dscp;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRangeBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.InterfaceMode;
public class AceIp4WriterTest {
.setSourceIpv4Network(new Ipv4Prefix("1.2.3.4/32"))
.setDestinationIpv4Network(new Ipv4Prefix("1.2.4.5/24"))
.build())
+ .setSourcePortRange(new SourcePortRangeBuilder().setLowerPort(new PortNumber(0x1111)).build())
+ .setDestinationPortRange(new DestinationPortRangeBuilder().setLowerPort(new PortNumber(0x2222)).build())
.build();
}
-1, -1, -1, -1,
// destination address:
-1, -1, -1, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ // source and destination port:
+ -1, -1, -1, -1,
+ // padding:
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (isL2) {
expectedMask[12] = (byte) 0xff;
expectedMask[13] = (byte) 0xff;
}
- AceIpWriterTestUtils.assertArrayEqualsWithOffset(expectedMask, request.mask, vlanTags * VLAN_TAG_LEN);
+ AceIpWriterTestUtils.assertArrayEqualsWithOffset(expectedMask, expectedMask.length, request.mask, vlanTags * VLAN_TAG_LEN);
}
1, 2, 3, 4,
// destination address:
1, 2, 4, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ // source and destination port:
+ 0x11, 0x11, 0x22, 0x22,
+ // padding:
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (isL2) {
expectedMatch[12] = (byte) 0x08;
expectedMatch[13] = (byte) 0x00;
}
- AceIpWriterTestUtils.assertArrayEqualsWithOffset(expectedMatch, request.match, vlanTags * VLAN_TAG_LEN);
+ AceIpWriterTestUtils.assertArrayEqualsWithOffset(expectedMatch, expectedMatch.length, request.match, vlanTags * VLAN_TAG_LEN);
}
@Test
public void testCreateClassifySession() throws Exception {
final int tableIndex = 123;
- final ClassifyAddDelSession request = writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, 0);
+ final ClassifyAddDelSession request = writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, 0).get(0);
verifySessionRequest(request, tableIndex, 0, false);
}
@Test
public void testCreateClassifySessionForL2Interface() throws Exception {
final int tableIndex = 123;
- final ClassifyAddDelSession request = writer.createSession(action, aceIp, InterfaceMode.L2, tableIndex, 0);
+ final ClassifyAddDelSession request = writer.createSession(action, aceIp, InterfaceMode.L2, tableIndex, 0).get(0);
verifySessionRequest(request, tableIndex, 0, true);
}
public void testCreateClassifySession1VlanTag() throws Exception {
final int tableIndex = 123;
final int vlanTags = 1;
- final ClassifyAddDelSession request = writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, vlanTags);
+ final ClassifyAddDelSession request = writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, vlanTags).get(0);
verifySessionRequest(request, tableIndex, vlanTags, false);
}
public void testCreateClassifySession2VlanTags() throws Exception {
final int tableIndex = 123;
final int vlanTags = 2;
- final ClassifyAddDelSession request = writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, vlanTags);
+ final ClassifyAddDelSession request = writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, vlanTags).get(0);
verifySessionRequest(request, tableIndex, vlanTags, false);
}
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Dscp;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6FlowLabel;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRangeBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.InterfaceMode;
public class AceIp6WriterTest {
.setSourceIpv6Network(new Ipv6Prefix("2001:db8:85a3:8d3:1319:8a2e:370:7348/128"))
.setDestinationIpv6Network(new Ipv6Prefix("fe80:1234:5678:abcd:ef01::/64"))
.build())
+ .setSourcePortRange(new SourcePortRangeBuilder().setLowerPort(new PortNumber(0x1111)).build())
+ .setDestinationPortRange(new DestinationPortRangeBuilder().setLowerPort(new PortNumber(0x2222)).build())
.build();
}
assertEquals(1, request.nbuckets);
assertEquals(nextTableIndex, request.nextTableIndex);
assertEquals(0, request.skipNVectors);
- assertEquals(AceIp6Writer.MATCH_N_VECTORS, request.matchNVectors);
+ assertEquals(vlanTags == 2 ? 5 : 4, request.matchNVectors);
assertEquals(AceIp6Writer.TABLE_MEM_SIZE, request.memorySize);
byte[] expectedMask = new byte[] {
// destination address:
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
0, 0, 0, 0, 0, 0, 0, 0,
+ // source and destination port:
+ -1, -1, -1, -1,
// padding to multiple of 16B:
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, 0, 0, 0, 0, 0
};
if (isL2) {
expectedMask[12] = (byte) 0xff;
expectedMask[13] = (byte) 0xff;
}
- AceIpWriterTestUtils.assertArrayEqualsWithOffset(expectedMask, request.mask, vlanTags * VLAN_TAG_LEN);
+ AceIpWriterTestUtils.assertArrayEqualsWithOffset(expectedMask, vlanTags == 2 ? 80 : 64, request.mask, vlanTags * VLAN_TAG_LEN);
}
private static void verifySessionRequest(final ClassifyAddDelSession request, final int tableIndex,
// destination address:
(byte) 0xfe, (byte) 0x80, (byte) 0x12, (byte) 0x34, (byte) 0x56, (byte) 0x78, (byte) 0xab, (byte) 0xcd,
0, 0, 0, 0, 0, 0, 0, 0,
+ // source and destination port:
+ 0x11, 0x11, 0x22, 0x22,
// padding to multiple of 16B:
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, 0, 0, 0, 0, 0
};
if (isL2) {
expectedMatch[12] = (byte) 0x86;
expectedMatch[13] = (byte) 0xdd;
}
- AceIpWriterTestUtils.assertArrayEqualsWithOffset(expectedMatch, request.match, vlanTags * VLAN_TAG_LEN);
+ AceIpWriterTestUtils.assertArrayEqualsWithOffset(expectedMatch, vlanTags == 2 ? 80 : 64, request.match, vlanTags * VLAN_TAG_LEN);
}
public void testCreateClassifySession() {
final int tableIndex = 123;
final ClassifyAddDelSession request =
- writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, 0);
+ writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, 0).get(0);
verifySessionRequest(request, tableIndex, 0, false);
}
public void testCreateClassifySessionForL2Interface() {
final int tableIndex = 123;
final ClassifyAddDelSession request =
- writer.createSession(action, aceIp, InterfaceMode.L2, tableIndex, 0);
+ writer.createSession(action, aceIp, InterfaceMode.L2, tableIndex, 0).get(0);
verifySessionRequest(request, tableIndex, 0, true);
}
final int tableIndex = 123;
final int vlanTags = 1;
final ClassifyAddDelSession request =
- writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, vlanTags);
+ writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, vlanTags).get(0);
verifySessionRequest(request, tableIndex, vlanTags, false);
}
final int tableIndex = 123;
final int vlanTags = 2;
final ClassifyAddDelSession request =
- writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, vlanTags);
+ writer.createSession(action, aceIp, InterfaceMode.L3, tableIndex, vlanTags).get(0);
verifySessionRequest(request, tableIndex, vlanTags, false);
}
}
\ No newline at end of file
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRangeBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.InterfaceMode;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpAndEth;
.setSourceMacAddress(new MacAddress("aa:bb:cc:dd:ee:ff"))
.setAceIpVersion(new AceIpv4Builder()
.setSourceIpv4Network(new Ipv4Prefix("1.2.3.4/32")).build())
+ .setSourcePortRange(new SourcePortRangeBuilder().setLowerPort(new PortNumber(0x1111)).build())
+ .setDestinationPortRange(new DestinationPortRangeBuilder().setLowerPort(new PortNumber(0x2222)).build())
.build();
}
-1, -1, -1, -1,
// destination address:
0, 0, 0, 0,
+ // source and destination port:
+ -1, -1, -1, -1,
// padding:
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
assertArrayEquals(expectedMask, request.mask);
}
@Test
public void testCreateClassifySession() {
final int tableIndex = 123;
- final ClassifyAddDelSession request = writer.createSession(action, ace, InterfaceMode.L2, tableIndex, 0);
+ final ClassifyAddDelSession request = writer.createSession(action, ace, InterfaceMode.L2, tableIndex, 0).get(0);
assertEquals(1, request.isAdd);
assertEquals(tableIndex, request.tableIndex);
1, 2, 3, 4,
// destination address:
0, 0, 0, 0,
+ // source and destination port:
+ 0x11, 0x11, 0x22, 0x22,
// padding:
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
assertArrayEquals(expectedMatch, request.match);
}
throw new UnsupportedOperationException("This utility class cannot be instantiated");
}
- protected static void assertArrayEqualsWithOffset(final byte[] baseExpected, final byte[] actual,
+ protected static void assertArrayEqualsWithOffset(final byte[] baseExpected, final int expectedLength, final byte[] actual,
final int offset) {
- byte[] expected = new byte[baseExpected.length];
- System.arraycopy(baseExpected, 0, expected, offset, expected.length - offset);
+ byte[] expected = new byte[expectedLength];
+ System.arraycopy(baseExpected, 0, expected, offset, Math.min(baseExpected.length, expectedLength-offset));
assertArrayEquals(expected, actual);
}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.honeycomb.translate.v3po.interfaces.acl.ingress;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.contains;
+import static org.hamcrest.Matchers.hasSize;
+
+import java.util.List;
+import org.junit.Test;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRangeBuilder;
+
+public class PortPairTest {
+
+ @Test
+ public void testSingleSrc() {
+ final SourcePortRange src = new SourcePortRangeBuilder().setLowerPort(new PortNumber(123)).build();
+ final List<PortPair> portPairs = PortPair.fromRange(src, null);
+ assertThat(portPairs, hasSize(1));
+ assertThat(portPairs, contains(new PortPair(123, null)));
+ }
+
+ @Test
+ public void testSrcRange() {
+ final SourcePortRange src = new SourcePortRangeBuilder()
+ .setLowerPort(new PortNumber(123))
+ .setUpperPort(new PortNumber(125)).build();
+ final List<PortPair> portPairs = PortPair.fromRange(src, null);
+ assertThat(portPairs, hasSize(3));
+ assertThat(portPairs, contains(new PortPair(123, null), new PortPair(124, null), new PortPair(125, null)));
+ }
+
+ @Test
+ public void testSrcRangeWithDst() {
+ final SourcePortRange src = new SourcePortRangeBuilder()
+ .setLowerPort(new PortNumber(123))
+ .setUpperPort(new PortNumber(125)).build();
+ final DestinationPortRange dst = new DestinationPortRangeBuilder().setLowerPort(new PortNumber(111)).build();
+ final List<PortPair> portPairs = PortPair.fromRange(src, dst);
+ assertThat(portPairs, hasSize(3));
+ assertThat(portPairs, contains(new PortPair(123, 111), new PortPair(124, 111), new PortPair(125, 111)));
+ }
+
+ @Test
+ public void testSingleDst() {
+ final DestinationPortRange dst = new DestinationPortRangeBuilder().setLowerPort(new PortNumber(123)).build();
+ final List<PortPair> portPairs = PortPair.fromRange(null, dst);
+ assertThat(portPairs, hasSize(1));
+ assertThat(portPairs, contains(new PortPair(null, 123)));
+ }
+
+ @Test
+ public void testDstRange() {
+ final DestinationPortRange dst = new DestinationPortRangeBuilder()
+ .setLowerPort(new PortNumber(10))
+ .setUpperPort(new PortNumber(11)).build();
+ final List<PortPair> portPairs = PortPair.fromRange(null, dst);
+ assertThat(portPairs, hasSize(2));
+ assertThat(portPairs, contains(new PortPair(null, 10), new PortPair(null, 11)));
+ }
+
+ @Test
+ public void testDstRangeWithSrc() {
+ final SourcePortRange src = new SourcePortRangeBuilder().setLowerPort(new PortNumber(111)).build();
+ final DestinationPortRange dst = new DestinationPortRangeBuilder()
+ .setLowerPort(new PortNumber(10))
+ .setUpperPort(new PortNumber(11)).build();
+ final List<PortPair> portPairs = PortPair.fromRange(src, dst);
+ assertThat(portPairs, hasSize(2));
+ assertThat(portPairs, contains(new PortPair(111, 10), new PortPair(111, 11)));
+ }
+
+ @Test
+ public void testSinglePair() {
+ final SourcePortRange src = new SourcePortRangeBuilder().setLowerPort(new PortNumber(123)).build();
+ final DestinationPortRange dst = new DestinationPortRangeBuilder().setLowerPort(new PortNumber(321)).build();
+ final List<PortPair> portPairs = PortPair.fromRange(src, dst);
+ assertThat(portPairs, hasSize(1));
+ assertThat(portPairs, contains(new PortPair(123, 321)));
+ }
+
+ @Test
+ public void testCartesianProduct() {
+ final SourcePortRange src = new SourcePortRangeBuilder()
+ .setLowerPort(new PortNumber(1))
+ .setUpperPort(new PortNumber(2)).build();
+ final DestinationPortRange dst = new DestinationPortRangeBuilder()
+ .setLowerPort(new PortNumber(1))
+ .setUpperPort(new PortNumber(3)).build();
+ final List<PortPair> portPairs = PortPair.fromRange(src, dst);
+ assertThat(portPairs, hasSize(6));
+ assertThat(portPairs,
+ contains(new PortPair(1, 1), new PortPair(1, 2), new PortPair(1, 3), new PortPair(2, 1), new PortPair(2, 2),
+ new PortPair(2, 3)));
+ }
+}
\ No newline at end of file
Code Review / hc2vpp.git / commitdiff