Details
-
Bug
-
Status: Resolved
-
Medium
-
Resolution: Won't Do
-
Boron
-
None
-
None
-
None
-
Operating System: All
Platform: All
-
7291
Description
in addStatelessEgressAclTableMissFlow function, the table name is INGRESS_ACL_TABLE, and in addStatelessIngressAclTableMissFlow function, the table name is EGRESS_ACL_TABLE.
private void addStatelessIngressAclTableMissFlow(BigInteger dpId) {
List<MatchInfo> synMatches = new ArrayList<>();
synMatches.add(new MatchInfo(MatchFieldType.eth_type,
new long[]
synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
new long[] { IPProtocols.TCP.intValue() }));
synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN }));
List<ActionInfo> dropActionsInfos = new ArrayList<>();
dropActionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {}));
List<InstructionInfo> synInstructions = new ArrayList<>();
synInstructions.add(new InstructionInfo(InstructionType.apply_actions, dropActionsInfos));
FlowEntity synFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
"SYN-" + getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE),
AclConstants.PROTO_MATCH_SYN_DROP_PRIORITY, "Ingress Syn ACL Table Block", 0, 0,
AclConstants.COOKIE_ACL_BASE, synMatches, synInstructions);
mdsalManager.installFlow(synFlowEntity);
synMatches = new ArrayList<>();
synMatches.add(new MatchInfo(MatchFieldType.eth_type,
new long[] { NwConstants.ETHTYPE_IPV4 }
));
synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
new long[]
synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[] { AclConstants.TCP_FLAG_SYN_ACK }));
List<InstructionInfo> allowAllInstructions = new ArrayList<>();
allowAllInstructions.add(
new InstructionInfo(InstructionType.goto_table,
new long[] { NwConstants.EGRESS_ACL_FILTER_TABLE }));
FlowEntity synAckFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
"SYN-ACK-ALLOW-" + getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE),
AclConstants.PROTO_MATCH_SYN_ACK_ALLOW_PRIORITY, "Ingress Syn Ack ACL Table Allow", 0, 0,
AclConstants.COOKIE_ACL_BASE, synMatches, allowAllInstructions);
mdsalManager.installFlow(synAckFlowEntity);
List<MatchInfo> mkMatches = new ArrayList<>();
FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_TABLE,
getTableMissFlowId(NwConstants.EGRESS_ACL_TABLE), 0, "Ingress Stateless ACL Table Miss Flow",
0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
mdsalManager.installFlow(flowEntity);
short dispatcherTableId = NwConstants.EGRESS_LPORT_DISPATCHER_TABLE;
List<ActionInfo> actionsInfos = new ArrayList<>();
List<InstructionInfo> instructions = new ArrayList<>();
actionsInfos.add(new ActionInfo(ActionType.nx_resubmit, new String[] {Short.toString(dispatcherTableId)}));
instructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.EGRESS_ACL_FILTER_TABLE,
getTableMissFlowId(NwConstants.EGRESS_ACL_FILTER_TABLE), 0,
"Ingress Stateless Next ACL Table Miss Flow", 0, 0, AclConstants.COOKIE_ACL_BASE,
mkMatches, instructions);
mdsalManager.installFlow(nextTblFlowEntity);
LOG.debug("Added Stateless Ingress ACL Table Miss Flows for dpn {}.", dpId);
}
private void addStatelessEgressAclTableMissFlow(BigInteger dpId) {
List<InstructionInfo> allowAllInstructions = new ArrayList<>();
allowAllInstructions.add(
new InstructionInfo(InstructionType.goto_table, new long[] { NwConstants.INGRESS_ACL_FILTER_TABLE }));
List<MatchInfo> synMatches = new ArrayList<>();
synMatches.add(new MatchInfo(MatchFieldType.eth_type,
new long[] { NwConstants.ETHTYPE_IPV4 }));
synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
new long[] { IPProtocols.TCP.intValue() }
));
synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[]
));
List<ActionInfo> synActionsInfos = new ArrayList<>();
synActionsInfos.add(new ActionInfo(ActionType.drop_action, new String[] {}));
List<InstructionInfo> synInstructions = new ArrayList<>();
synInstructions.add(new InstructionInfo(InstructionType.apply_actions, synActionsInfos));
FlowEntity synFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
"SYN-" + getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE),
AclConstants.PROTO_MATCH_SYN_DROP_PRIORITY, "Egress Syn ACL Table Block", 0, 0,
AclConstants.COOKIE_ACL_BASE, synMatches, synInstructions);
mdsalManager.installFlow(synFlowEntity);
synMatches = new ArrayList<>();
synMatches.add(new MatchInfo(MatchFieldType.eth_type,
new long[]
));
synMatches.add(new MatchInfo(MatchFieldType.ip_proto,
new long[]
));
synMatches.add(new MatchInfo(MatchFieldType.tcp_flags, new long[]
));
FlowEntity synAckFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
"SYN-ACK-ALLOW-" + getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE),
AclConstants.PROTO_MATCH_SYN_ACK_ALLOW_PRIORITY, "Egress Syn Ack ACL Table Allow", 0, 0,
AclConstants.COOKIE_ACL_BASE, synMatches, allowAllInstructions);
mdsalManager.installFlow(synAckFlowEntity);
List<MatchInfo> mkMatches = new ArrayList<>();
FlowEntity flowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_TABLE,
getTableMissFlowId(NwConstants.INGRESS_ACL_TABLE), 0, "Egress Stateless ACL Table Miss Flow", 0, 0,
AclConstants.COOKIE_ACL_BASE, mkMatches, allowAllInstructions);
mdsalManager.installFlow(flowEntity);
short dispatcherTableId = NwConstants.LPORT_DISPATCHER_TABLE;
List<ActionInfo> actionsInfos = new ArrayList<>();
List<InstructionInfo> dispatcherInstructions = new ArrayList<>();
actionsInfos.add(new ActionInfo(ActionType.nx_resubmit, new String[]
));
dispatcherInstructions.add(new InstructionInfo(InstructionType.apply_actions, actionsInfos));
FlowEntity nextTblFlowEntity = MDSALUtil.buildFlowEntity(dpId, NwConstants.INGRESS_ACL_FILTER_TABLE,
getTableMissFlowId(NwConstants.INGRESS_ACL_FILTER_TABLE), 0,
"Egress Stateless Next ACL Table Miss Flow", 0, 0, AclConstants.COOKIE_ACL_BASE, mkMatches,
dispatcherInstructions);
mdsalManager.installFlow(nextTblFlowEntity);
LOG.debug("Added Stateless Egress ACL Table Miss Flows for dpn {}", dpId);
}
