package org.opendaylight.netvirt.aclservice.utils;

import com.google.common.collect.Lists;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.opendaylight.genius.infra.Datastore;
import org.opendaylight.genius.infra.TypedWriteTransaction;
import org.opendaylight.genius.mdsalutil.FlowEntity;
import org.opendaylight.genius.mdsalutil.InstructionInfo;
import org.opendaylight.genius.mdsalutil.MDSALUtil;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
import org.opendaylight.genius.mdsalutil.MetaDataUtil;
import org.opendaylight.genius.mdsalutil.actions.ActionNxCtClear;
import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable;
import org.opendaylight.genius.mdsalutil.instructions.InstructionWriteMetadata;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
import org.opendaylight.genius.mdsalutil.matches.MatchIcmpv6;
import org.opendaylight.genius.mdsalutil.matches.MatchIpProtocol;
import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
import org.opendaylight.genius.mdsalutil.matches.MatchUdpDestinationPort;
import org.opendaylight.genius.mdsalutil.matches.MatchUdpSourcePort;
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtMark;
import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
import org.opendaylight.genius.mdsalutil.packet.IPProtocols;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.config.rev160806.AclserviceConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netvirt/aclservice/utils/AclNodeDefaultFlowsTxBuilder.class */
public class AclNodeDefaultFlowsTxBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(AclNodeDefaultFlowsTxBuilder.class);
    private final BigInteger dpId;
    private final IMdsalApiManager mdsalManager;
    private final AclserviceConfig config;
    private final TypedWriteTransaction<Datastore.Configuration> tx;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.opendaylight.netvirt.aclservice.utils.AclNodeDefaultFlowsTxBuilder$1, reason: invalid class name */
    /* loaded from: input_file:org/opendaylight/netvirt/aclservice/utils/AclNodeDefaultFlowsTxBuilder$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$opendaylight$genius$mdsalutil$packet$IPProtocols = new int[IPProtocols.values().length];

        static {
            try {
                $SwitchMap$org$opendaylight$genius$mdsalutil$packet$IPProtocols[IPProtocols.TCP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$opendaylight$genius$mdsalutil$packet$IPProtocols[IPProtocols.UDP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$opendaylight$genius$mdsalutil$packet$IPProtocols[IPProtocols.ICMP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$opendaylight$genius$mdsalutil$packet$IPProtocols[IPProtocols.IPV6ICMP.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public AclNodeDefaultFlowsTxBuilder(BigInteger bigInteger, IMdsalApiManager iMdsalApiManager, AclserviceConfig aclserviceConfig, TypedWriteTransaction<Datastore.Configuration> typedWriteTransaction) {
        this.dpId = bigInteger;
        this.mdsalManager = iMdsalApiManager;
        this.config = aclserviceConfig;
        this.tx = typedWriteTransaction;
    }

    public void build() {
        createTableDefaultEntries();
    }

    private void createTableDefaultEntries() {
        addStatefulIngressDefaultFlows();
        addStatefulEgressDefaultFlows();
    }

    private void addStatefulIngressDefaultFlows() {
        addIngressAclTableMissFlows();
        addIngressDropFlows();
        addIngressAntiSpoofingTableGotoFlows();
        addIngressConntrackClassifierFlows();
        addIngressConntrackStateRules();
    }

    private void addStatefulEgressDefaultFlows() {
        addEgressAclTableMissFlows();
        addEgressDropFlows();
        addEgressConntrackClassifierFlows();
        addEgressConntrackStateRules();
        addEgressAllowBroadcastFlow();
        addEgressCtClearRule();
    }

    private void addIngressAclTableMissFlows() {
        addGotoOrResubmitTableMissFlow((short) 210, (short) 217, Lists.newArrayList(new InstructionInfo[]{AclServiceUtils.getWriteMetadataForDropFlag()}));
        addGotoOrResubmitTableMissFlow((short) 211, (short) 214, Lists.newArrayList(new InstructionInfo[]{AclServiceUtils.getWriteMetadataForAclClassifierType(AclConntrackClassifierType.NON_CONNTRACK_SUPPORTED)}));
        addDropOrAllowTableMissFlow((short) 212, (short) 213);
        addGotoOrResubmitTableMissFlow((short) 213, (short) 214);
        addDropOrAllowTableMissFlow((short) 214, (short) 215);
        addGotoOrResubmitTableMissFlow((short) 215, (short) 214);
        addGotoOrResubmitTableMissFlow((short) 216, (short) 214);
        addDropOrAllowTableMissFlow((short) 217, (short) 17);
        LOG.debug("Added Stateful Ingress ACL Table Miss Flows for dpn {}", this.dpId);
    }

    private void addEgressAclTableMissFlows() {
        addGotoOrResubmitTableMissFlow((short) 239, (short) 240);
        addGotoOrResubmitTableMissFlow((short) 240, (short) 247, Lists.newArrayList(new InstructionInfo[]{AclServiceUtils.getWriteMetadataForDropFlag()}));
        addGotoOrResubmitTableMissFlow((short) 241, (short) 244, Lists.newArrayList(new InstructionInfo[]{AclServiceUtils.getWriteMetadataForAclClassifierType(AclConntrackClassifierType.NON_CONNTRACK_SUPPORTED)}));
        addDropOrAllowTableMissFlow((short) 242, (short) 243);
        addGotoOrResubmitTableMissFlow((short) 243, (short) 244);
        addDropOrAllowTableMissFlow((short) 244, (short) 245);
        addGotoOrResubmitTableMissFlow((short) 245, (short) 244);
        addGotoOrResubmitTableMissFlow((short) 246, (short) 244);
        addDropOrAllowTableMissFlow((short) 247, (short) 17);
        LOG.debug("Added Stateful Egress ACL Table Miss Flows for dpn {}", this.dpId);
    }

    private void addIngressDropFlows() {
        addFlowToTx((short) 217, "Ingress_Committer_Drop_Flow", AclConstants.COMMITTER_TABLE_DROP_PRIORITY.intValue(), getMetadataForCommitterDropFlag(), AclServiceOFFlowBuilder.getDropInstructionInfo());
    }

    private void addEgressDropFlows() {
        addFlowToTx((short) 247, "Egress_Committer_Drop_Flow", AclConstants.COMMITTER_TABLE_DROP_PRIORITY.intValue(), getMetadataForCommitterDropFlag(), AclServiceOFFlowBuilder.getDropInstructionInfo());
    }

    private void addIngressAntiSpoofingTableGotoFlows() {
        InstructionWriteMetadata writeMetadataForDropFlag = AclServiceUtils.getWriteMetadataForDropFlag();
        List<InstructionInfo> gotoInstructionInfo = AclServiceOFFlowBuilder.getGotoInstructionInfo((short) 217);
        gotoInstructionInfo.add(writeMetadataForDropFlag);
        ArrayList arrayList = new ArrayList();
        arrayList.add(MatchEthernetType.ARP);
        addFlowToTx((short) 210, "Ingress_ACL_Table_ARP_GOTO_Flow", AclConstants.PROTO_ARP_TRAFFIC_DROP_PRIORITY.intValue(), arrayList, gotoInstructionInfo);
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(MatchEthernetType.IPV4);
        addFlowToTx((short) 210, "Ingress_ACL_Table_IP_GOTO_Flow", AclConstants.PROTO_IP_TRAFFIC_DROP_PRIORITY.intValue(), arrayList2, gotoInstructionInfo);
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(MatchEthernetType.IPV6);
        addFlowToTx((short) 210, "Ingress_ACL_Table_IPv6_GOTO_Flow", AclConstants.PROTO_IP_TRAFFIC_DROP_PRIORITY.intValue(), arrayList3, gotoInstructionInfo);
        addIngressAclDhcpServerTrafficFlow(gotoInstructionInfo);
        addIngressAclDhcpv6ServerTrafficFlow(gotoInstructionInfo);
        addIngressAclIcmpv6RouterAdvtsFlow(gotoInstructionInfo);
    }

    private void addIngressAclDhcpServerTrafficFlow(List<InstructionInfo> list) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(MatchEthernetType.IPV4);
        arrayList.add(MatchIpProtocol.UDP);
        arrayList.add(new MatchUdpDestinationPort(68));
        arrayList.add(new MatchUdpSourcePort(67));
        addFlowToTx((short) 210, "Egress_DHCP_Server_v4_GOTO_FLOW", AclConstants.PROTO_MATCH_PRIORITY.intValue(), arrayList, list);
    }

    private void addIngressAclDhcpv6ServerTrafficFlow(List<InstructionInfo> list) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(MatchEthernetType.IPV6);
        arrayList.add(MatchIpProtocol.UDP);
        arrayList.add(new MatchUdpDestinationPort(AclConstants.DHCP_CLIENT_PORT_IPV6));
        arrayList.add(new MatchUdpSourcePort(AclConstants.DHCP_SERVER_PORT_IPV6));
        addFlowToTx((short) 210, "Egress_DHCP_Server_v6_GOTO_FLOW", AclConstants.PROTO_MATCH_PRIORITY.intValue(), arrayList, list);
    }

    private void addIngressAclIcmpv6RouterAdvtsFlow(List<InstructionInfo> list) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(MatchEthernetType.IPV6);
        arrayList.add(MatchIpProtocol.ICMPV6);
        arrayList.add(new MatchIcmpv6((short) 134, (short) 0));
        addFlowToTx((short) 210, "Egress_ICMPv6_134_GOTO_FLOW", AclConstants.PROTO_IPV6_DROP_PRIORITY.intValue(), arrayList, list);
    }

    private List<MatchInfoBase> getMetadataForCommitterDropFlag() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new MatchMetadata(MetaDataUtil.METADATA_MASK_ACL_DROP.and(AclConstants.METADATA_DROP_FLAG.shiftLeft(2)), MetaDataUtil.METADATA_MASK_ACL_DROP.and(AclConstants.METADATA_DROP_FLAG.shiftLeft(2))));
        return arrayList;
    }

    private void addDropOrAllowTableMissFlow(short s, short s2) {
        addFlowToTx(s, getTableMissFlowId(s), AclConstants.ACL_TABLE_MISS_PRIORITY.intValue(), Collections.emptyList(), this.config.getDefaultBehavior() == AclserviceConfig.DefaultBehavior.Deny ? AclServiceOFFlowBuilder.getDropInstructionInfo() : getGotoOrResubmitInstructions(s, s2));
    }

    private void addGotoOrResubmitTableMissFlow(short s, short s2) {
        addGotoOrResubmitTableMissFlow(s, s2, null);
    }

    private void addGotoOrResubmitTableMissFlow(short s, short s2, List<InstructionInfo> list) {
        List<? extends MatchInfoBase> emptyList = Collections.emptyList();
        List<InstructionInfo> gotoOrResubmitInstructions = getGotoOrResubmitInstructions(s, s2);
        if (list != null && !list.isEmpty()) {
            gotoOrResubmitInstructions.addAll(list);
        }
        addFlowToTx(s, getTableMissFlowId(s), AclConstants.ACL_TABLE_MISS_PRIORITY.intValue(), emptyList, gotoOrResubmitInstructions);
    }

    private List<InstructionInfo> getGotoOrResubmitInstructions(short s, short s2) {
        return s < s2 ? AclServiceOFFlowBuilder.getGotoInstructionInfo(s2) : AclServiceOFFlowBuilder.getResubmitInstructionInfo(s2);
    }

    private void addIngressConntrackStateRules() {
        addConntrackStateRules((short) 17, (short) 214);
        addConntrackUntrackedRule((short) 214, (short) 212);
    }

    private void addEgressConntrackStateRules() {
        addConntrackStateRules((short) 220, (short) 244);
        addConntrackUntrackedRule((short) 244, (short) 242);
    }

    private void addIngressConntrackClassifierFlows() {
        addConntrackClassifierFlows((short) 211, (short) 212);
    }

    private void addEgressConntrackClassifierFlows() {
        addConntrackClassifierFlows((short) 241, (short) 242);
    }

    private void addConntrackClassifierFlows(short s, short s2) {
        for (IPProtocols iPProtocols : AclConstants.PROTOCOLS_SUPPORTED_BY_CONNTRACK) {
            switch (AnonymousClass1.$SwitchMap$org$opendaylight$genius$mdsalutil$packet$IPProtocols[iPProtocols.ordinal()]) {
                case 1:
                case 2:
                    programConntrackClassifierFlow(s, s2, MatchEthernetType.IPV4, iPProtocols);
                    programConntrackClassifierFlow(s, s2, MatchEthernetType.IPV6, iPProtocols);
                    break;
                case 3:
                    programConntrackClassifierFlow(s, s2, MatchEthernetType.IPV4, iPProtocols);
                    break;
                case 4:
                    programConntrackClassifierFlow(s, s2, MatchEthernetType.IPV6, iPProtocols);
                    break;
                default:
                    LOG.error("Invalid protocol [{}] for conntrack", iPProtocols);
                    break;
            }
        }
    }

    private void programConntrackClassifierFlow(short s, short s2, MatchEthernetType matchEthernetType, IPProtocols iPProtocols) {
        String str = "Fixed_Conntrk_Classifier_" + this.dpId + "_" + ((int) s) + "_" + matchEthernetType + "_" + iPProtocols.name();
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(AclServiceUtils.buildIpProtocolMatches(matchEthernetType, iPProtocols));
        List<InstructionInfo> gotoInstructionInfo = AclServiceOFFlowBuilder.getGotoInstructionInfo(s2);
        gotoInstructionInfo.add(AclServiceUtils.getWriteMetadataForAclClassifierType(AclConntrackClassifierType.CONNTRACK_SUPPORTED));
        addFlowToTx(s, str, AclConstants.ACL_DEFAULT_PRIORITY.intValue(), arrayList, gotoInstructionInfo);
    }

    private void addEgressAllowBroadcastFlow() {
        addFlowToTx((short) 240, "Ingress_v4_Broadcast_" + this.dpId + "_Permit", AclConstants.PROTO_MATCH_PRIORITY.intValue(), AclServiceUtils.buildBroadcastIpV4Matches(AclConstants.IPV4_ALL_SUBNET_BROADCAST_ADDR), AclServiceOFFlowBuilder.getGotoInstructionInfo((short) 241));
        addFlowToTx((short) 240, "Ingress_L2_Broadcast_" + this.dpId + "_Permit", AclConstants.PROTO_L2BROADCAST_TRAFFIC_MATCH_PRIORITY.intValue(), AclServiceUtils.buildL2BroadcastMatches(), AclServiceOFFlowBuilder.getResubmitInstructionInfo((short) 220));
    }

    private void addConntrackStateRules(short s, short s2) {
        programConntrackForwardRule(AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Tracked_Established", 34, 55, s, s2, true);
        programConntrackForwardRule(AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Tracked_Related", 36, 55, s, s2, true);
    }

    private void addConntrackUntrackedRule(short s, short s2) {
        programConntrackUntrackedRule(AclConstants.CT_STATE_TRACKED_EXIST_PRIORITY, "Untracked_Related", 0, 32, s, s2);
    }

    private void programConntrackUntrackedRule(Integer num, String str, int i, int i2, short s, short s2) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NxMatchCtState(i, i2));
        arrayList.add(AclServiceUtils.buildAclConntrackClassifierTypeMatch(AclConntrackClassifierType.CONNTRACK_SUPPORTED));
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new ActionNxCtClear());
        arrayList2.add(new ActionNxResubmit(s2));
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(new InstructionApplyActions(arrayList2));
        addFlowToTx(s, "Fixed_Conntrk_Trk_" + this.dpId + "_" + str + ((int) s2), num.intValue(), arrayList, arrayList3);
    }

    private void programConntrackForwardRule(Integer num, String str, int i, int i2, short s, short s2, boolean z) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NxMatchCtState(i, i2));
        if (z) {
            arrayList.add(new NxMatchCtMark(1L, 1L));
        }
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new ActionNxCtClear());
        arrayList2.add(new ActionNxResubmit(s));
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(new InstructionApplyActions(arrayList2));
        addFlowToTx(s2, "Fixed_Conntrk_Trk_" + this.dpId + "_" + str + ((int) s), num.intValue(), arrayList, arrayList3);
    }

    private void addEgressCtClearRule() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(MatchEthernetType.IPV4);
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(new ActionNxCtClear());
        arrayList2.add(new InstructionApplyActions(arrayList3));
        arrayList2.add(new InstructionGotoTable((short) 240));
        addFlowToTx((short) 239, "Egress_Fixed_Ct_Clear_Table_Ipv4_" + this.dpId, AclConstants.ACL_DEFAULT_PRIORITY.intValue(), arrayList, arrayList2);
        ArrayList arrayList4 = new ArrayList();
        arrayList4.add(MatchEthernetType.IPV6);
        addFlowToTx((short) 239, "Egress_Fixed_Ct_Clear_Table_Ipv6_" + this.dpId, AclConstants.ACL_DEFAULT_PRIORITY.intValue(), arrayList4, arrayList2);
    }

    private void addFlowToTx(short s, String str, int i, List<? extends MatchInfoBase> list, List<InstructionInfo> list2) {
        FlowEntity buildFlowEntity = MDSALUtil.buildFlowEntity(this.dpId, s, str, i, str, 0, 0, AclConstants.COOKIE_ACL_BASE, list, list2);
        LOG.trace("Installing Acl default Flow:: DpnId: {}, flowId: {}, flowName: {}, tableId: {}", new Object[]{this.dpId, str, str, Short.valueOf(s)});
        this.mdsalManager.addFlow(this.tx, buildFlowEntity);
    }

    private String getTableMissFlowId(short s) {
        return String.valueOf((int) s);
    }
}
