Beispiel #1
    def _add_resolved_route(self, vlan, ip_gw, ip_dst, eth_dst, is_updated=None):
        """Build the FIB flow messages for a route whose next hop is resolved.

        ``is_updated`` is tri-state. ``None`` builds no flows; ``True`` first
        deletes the existing FIB entry for ``ip_dst`` and then re-adds it;
        ``False`` only adds it. Whatever the value, the neighbor cache entry
        for ``ip_gw`` on ``vlan`` is overwritten with ``eth_dst`` and the
        current time.

        Returns:
            The list of messages built, empty when ``is_updated`` is ``None``.
        """
        # NOTE(review): eth_dst becomes both the rewrite target and the cached
        # neighbor without any check in this method. Presumably the caller has
        # already decided the neighbor reply is legitimate -- confirm, because
        # a forged reply for ip_gw would repoint every route via that gateway.
        flow_msgs = []
        if is_updated is not None:
            fib_match = self.valve_in_match(
                self.fib_table, vlan=vlan,
                eth_type=self._eth_type(), nw_dst=ip_dst)
            prefix_bits = ipaddr.IPNetwork(ip_dst).prefixlen
            # Priority grows with prefix length: more specific routes get a
            # higher priority value.
            flow_priority = self.route_priority + prefix_bits
            if not is_updated:
                self.logger.info(
                    'Adding new route %s via %s (%s)',
                    ip_dst, ip_gw, eth_dst)
            else:
                self.logger.info(
                    'Updating next hop for route %s via %s (%s)',
                    ip_dst, ip_gw, eth_dst)
                # Remove the stale entry so the re-add below replaces it.
                flow_msgs.extend(self.valve_flowdel(
                    self.fib_table, fib_match, priority=flow_priority))

            rewrite_inst = valve_of.apply_actions([
                valve_of.set_eth_src(self.faucet_mac),
                valve_of.set_eth_dst(eth_dst),
                valve_of.dec_ip_ttl()])
            next_table_inst = valve_of.goto_table(self.eth_dst_table)
            flow_msgs.append(self.valve_flowmod(
                self.fib_table,
                fib_match,
                priority=flow_priority,
                inst=[rewrite_inst, next_table_inst]))
        # Always refresh the cache, even when no flow was (re)installed.
        self._vlan_neighbor_cache(vlan)[ip_gw] = LinkNeighbor(eth_dst, time.time())
        return flow_msgs
Beispiel #2
def build_output_actions(output_dict):
    """Translate an ACL ``output`` dict into actions and group messages.

    Keys are handled in a fixed order: ``dl_dst`` (destination MAC rewrite),
    whatever ``rewrite_vlan`` returns for the dict, ``port`` (output to that
    port) and ``failover`` (a group built from ``failover['ports']``, one
    bucket per port, each watching its own port).

    Returns:
        A ``(output_port, output_actions, ofmsgs)`` tuple. ``output_port`` is
        ``None`` when the dict has no ``port`` key; ``ofmsgs`` holds the group
        delete and group add messages for the failover group, if any.
    """
    # NOTE(review): dl_dst, port, group_id and the failover port list are used
    # exactly as found in output_dict; nothing here validates them, so any
    # range or type checking has to happen where the ACL config is parsed.
    actions = []
    group_msgs = []
    out_port = None
    if 'dl_dst' in output_dict:
        actions.append(valve_of.set_eth_dst(output_dict['dl_dst']))
    vlan_rewrites = rewrite_vlan(output_dict)
    if vlan_rewrites:
        actions.extend(vlan_rewrites)
    if 'port' in output_dict:
        out_port = output_dict['port']
        actions.append(valve_of.output_port(out_port))
    if 'failover' in output_dict:
        failover_conf = output_dict['failover']
        failover_group = failover_conf['group_id']
        failover_buckets = [
            valve_of.bucket(
                watch_port=member,
                actions=[valve_of.output_port(member)])
            for member in failover_conf['ports']]
        # The group is deleted and then re-added, so an existing group with
        # the same id is replaced rather than modified.
        group_msgs.append(valve_of.groupdel(group_id=failover_group))
        group_msgs.append(valve_of.groupadd_ff(
            group_id=failover_group, buckets=failover_buckets))
        actions.append(valve_of.group_act(group_id=failover_group))
    return (out_port, actions, group_msgs)
Beispiel #3
    def _add_resolved_route(self, vlan, ip_gw, ip_dst, eth_dst, is_updated=None):
        """Return flow messages installing ``ip_dst`` via a resolved gateway.

        When ``is_updated`` is ``None`` no flow is built. When it is truthy
        the current FIB entry is deleted before the new one is added; when it
        is ``False`` the entry is only added. The flow rewrites the Ethernet
        source to ``self.faucet_mac`` and the destination to ``eth_dst``,
        decrements the IP TTL and continues in ``self.eth_dst_table``.

        Side effect: the neighbor cache of ``vlan`` gets a fresh
        ``LinkNeighbor(eth_dst, now)`` under ``ip_gw`` on every call.
        """
        # NOTE(review): no validation of eth_dst happens here; whether the
        # address came from a trustworthy neighbor reply must be settled by
        # the caller -- verify against the resolution path.
        msgs = []
        if is_updated is not None:
            route_match = self.valve_in_match(
                self.fib_table,
                vlan=vlan,
                eth_type=self._eth_type(),
                nw_dst=ip_dst)
            prefixlen = ipaddr.IPNetwork(ip_dst).prefixlen
            route_prio = self.route_priority + prefixlen
            log_args = (ip_dst, ip_gw, eth_dst)
            if is_updated:
                self.logger.info(
                    'Updating next hop for route %s via %s (%s)', *log_args)
                msgs += self.valve_flowdel(
                    self.fib_table, route_match, priority=route_prio)
            else:
                self.logger.info(
                    'Adding new route %s via %s (%s)', *log_args)

            header_rewrites = [
                valve_of.set_eth_src(self.faucet_mac),
                valve_of.set_eth_dst(eth_dst),
                valve_of.dec_ip_ttl(),
            ]
            instructions = [
                valve_of.apply_actions(header_rewrites),
                valve_of.goto_table(self.eth_dst_table),
            ]
            msgs.append(self.valve_flowmod(
                self.fib_table,
                route_match,
                priority=route_prio,
                inst=instructions))
        # The cache entry is timestamped at the moment of this call.
        resolved_at = time.time()
        fresh_entry = LinkNeighbor(eth_dst, resolved_at)
        cache = self._vlan_neighbor_cache(vlan)
        cache[ip_gw] = fresh_entry
        return msgs
Beispiel #4
 def _add_resolved_route(self, vlan, ip_gw, ip_dst, eth_dst, is_updated=None):
     """Build the FIB flow messages for ``ip_dst`` via a resolved gateway.

     ``is_updated`` is tri-state: ``None`` returns an empty list, a truthy
     value deletes the existing FIB entry before re-adding it, ``False`` only
     adds it. With ``self.use_group_table`` set the flow hands the packet to
     the group stored in ``self.ip_gw_to_group_id[ip_gw]``; otherwise it
     rewrites the Ethernet addresses, decrements the IP TTL and continues in
     ``self.eth_dst_table``.

     Unlike variants that also maintain a neighbor cache, this method only
     builds messages.
     """
     if is_updated is None:
         return []

     fib_match = self.valve_in_match(
         self.fib_table, vlan=vlan,
         eth_type=self._eth_type(), nw_dst=ip_dst)
     prefix_bits = ipaddr.IPNetwork(ip_dst).prefixlen
     # More specific prefixes end up with a higher priority value.
     flow_priority = self.route_priority + prefix_bits

     flow_msgs = []
     if is_updated:
         self.logger.info(
             'Updating next hop for route %s via %s (%s)',
             ip_dst, ip_gw, eth_dst)
         flow_msgs.extend(self.valve_flowdel(
             self.fib_table, fib_match, priority=flow_priority))
     else:
         self.logger.info(
             'Adding new route %s via %s (%s)',
             ip_dst, ip_gw, eth_dst)

     if self.use_group_table:
         # NOTE(review): raises KeyError when no group id was recorded for
         # ip_gw; presumably the caller allocates it first -- confirm.
         group_action = valve_of.group_act(
             group_id=self.ip_gw_to_group_id[ip_gw])
         instructions = [valve_of.apply_actions([group_action])]
     else:
         header_rewrites = valve_of.apply_actions([
             valve_of.set_eth_src(self.faucet_mac),
             valve_of.set_eth_dst(eth_dst),
             valve_of.dec_ip_ttl()])
         instructions = [
             header_rewrites,
             valve_of.goto_table(self.eth_dst_table)]

     flow_msgs.append(self.valve_flowmod(
         self.fib_table,
         fib_match,
         priority=flow_priority,
         inst=instructions))
     return flow_msgs
Beispiel #5
 def _nexthop_actions(self, eth_dst, vlan):
     """Return the header rewrite actions for forwarding to a next hop.

     The list always sets the Ethernet source to ``self.faucet_mac``, sets
     the Ethernet destination to ``eth_dst`` and decrements the IP TTL. When
     ``self.routers`` is truthy a ``set_vlan_vid(vlan.vid)`` action is placed
     in front of them.
     """
     # NOTE(review): rewriting the VLAN id moves the packet into vlan.vid;
     # presumably self.routers only holds routers allowed to route between
     # these VLANs -- confirm where that is enforced.
     vid_rewrite = [valve_of.set_vlan_vid(vlan.vid)] if self.routers else []
     return vid_rewrite + [
         valve_of.set_eth_src(self.faucet_mac),
         valve_of.set_eth_dst(eth_dst),
         valve_of.dec_ip_ttl(),
     ]
Beispiel #6
def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
    """Turn one ACL rule dict into a match and a list of instructions.

    Every key of ``rule_conf`` other than ``actions`` becomes a match field,
    except keys wrapped in underscores (``_like_this_``) and ``in_port``,
    which are ignored: the ``in_port`` match is only ever taken from
    ``port_num``. ``vlan_vid``, when given, is added as
    ``valve_of.vid_present(vlan_vid)``.

    ``actions`` semantics, as implemented here:

    * ``allow`` permits only when its value equals ``1``.
    * ``mirror`` adds an output to the mirror port and, when ``allow`` is
      absent, implies allow.
    * ``output`` applies the optional ``dl_dst`` and VLAN rewrites and the
      optional port output. When a port is given, the allow instruction is
      never appended for this rule.
    * ``acl_allow_inst`` is appended only when the rule ends up allowed.

    Returns:
        ``(acl_match, acl_inst)``.
    """
    # NOTE(review): a rule without an allowing action yields no allow
    # instruction, which presumably means matching traffic is dropped by the
    # switch -- confirm against the pipeline. Reviewers of ACL configs should
    # also note that a mirror-only rule allows the traffic it mirrors.
    instructions = []
    match_fields = {}
    for key, value in rule_conf.items():
        is_meta_key = key.startswith('_') and key.endswith('_')
        if is_meta_key or key == 'in_port':
            continue
        if key != 'actions':
            match_fields[key] = value
            continue

        allow_given = 'allow' in value
        permit = False
        if allow_given and value['allow'] == 1:
            permit = True

        if 'mirror' in value:
            mirror_out = valve_of.output_port(value['mirror'])
            instructions.append(valve_of.apply_actions([mirror_out]))
            if not allow_given:
                permit = True

        if 'output' in value:
            out_conf = value['output']
            out_port = out_conf['port'] if 'port' in out_conf else None
            out_actions = []
            # Rewrites come first so they apply to the packet that is output.
            if 'dl_dst' in out_conf:
                out_actions.append(valve_of.set_eth_dst(out_conf['dl_dst']))
            vlan_rewrites = rewrite_vlan(out_conf)
            if vlan_rewrites:
                out_actions.extend(vlan_rewrites)
            if out_port is not None:
                out_actions.append(valve_of.output_port(out_port))
            instructions.append(valve_of.apply_actions(out_actions))
            # An explicit output port ends processing of this rule: the
            # allow instruction below is skipped.
            if out_port is not None:
                continue

        if permit:
            instructions.append(acl_allow_inst)

    if port_num is not None:
        match_fields['in_port'] = port_num
    if vlan_vid is not None:
        match_fields['vlan_vid'] = valve_of.vid_present(vlan_vid)
    return valve_of.match_from_dict(match_fields), instructions
Beispiel #7
def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
    """Build the match and instruction list for a single ACL rule.

    All keys of ``rule_conf`` except ``actions`` and ``in_port`` are copied
    into the match; ``in_port`` in the rule is ignored and the match only
    gets an ``in_port`` from ``port_num``. ``vlan_vid``, when given, is
    matched as ``valve_of.vid_present(vlan_vid)``.

    Under ``actions``: ``allow`` permits only when equal to ``1``; ``mirror``
    outputs a copy to the mirror port and implies allow when ``allow`` is not
    specified; ``output`` rewrites ``dl_dst`` and pushes ``vlan_vid`` when
    present, outputs to ``output['port']`` and skips the allow instruction.

    Returns:
        ``(acl_match, acl_inst)``.

    Raises:
        KeyError: when ``output`` is present without a ``port`` key.
    """
    # NOTE(review): with 'output' the packet leaves through the given port
    # and acl_allow_inst is never added, whatever 'allow' says; a mirror-only
    # rule, by contrast, allows the traffic. Both are easy to misread in a
    # config review.
    instructions = []
    fields = {}
    for name, conf in rule_conf.items():
        if name == 'in_port':
            continue
        if name != 'actions':
            fields[name] = conf
            continue

        explicit_allow = 'allow' in conf
        permitted = explicit_allow and conf['allow'] == 1
        if 'mirror' in conf:
            mirror_port = conf['mirror']
            instructions.append(
                valve_of.apply_actions([valve_of.output_port(mirror_port)]))
            permitted = permitted or not explicit_allow

        if 'output' in conf:
            out_conf = conf['output']
            out_actions = []
            if 'dl_dst' in out_conf:
                out_actions.append(valve_of.set_eth_dst(out_conf['dl_dst']))
            if 'vlan_vid' in out_conf:
                out_actions.extend(
                    valve_of.push_vlan_act(out_conf['vlan_vid']))
            # 'port' is mandatory here; a missing key raises KeyError.
            out_actions.append(valve_of.output_port(out_conf['port']))
            instructions.append(valve_of.apply_actions(out_actions))
            continue

        if permitted:
            instructions.append(acl_allow_inst)

    if port_num is not None:
        fields['in_port'] = port_num
    if vlan_vid is not None:
        fields['vlan_vid'] = valve_of.vid_present(vlan_vid)
    return valve_of.match_from_dict(fields), instructions
Beispiel #8
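def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
    """Build the match and instruction list for a single ACL rule.

    Keys of ``rule_conf`` other than ``actions`` and ``in_port`` become match
    fields. An ``in_port`` in the rule is ignored; the match gets ``in_port``
    only from ``port_num``. ``vlan_vid``, when given, is matched as
    ``valve_of.vid_present(vlan_vid)``.

    Under ``actions``: ``allow`` permits only when equal to ``1``; ``mirror``
    outputs to the mirror port and implies allow when ``allow`` is not
    specified; ``output`` applies the optional ``dl_dst`` rewrite and VLAN
    push, outputs to ``output['port']`` and skips the allow instruction.

    Returns:
        ``(acl_match, acl_inst)``.

    Raises:
        KeyError: when ``output`` is present without a ``port`` key.
    """
    acl_inst = []
    match_dict = {}
    # items() works on Python 2 and 3; iteritems() exists on Python 2 only.
    for attrib, attrib_value in rule_conf.items():
        if attrib == 'in_port':
            continue
        if attrib == 'actions':
            allow = False
            allow_specified = False
            if 'allow' in attrib_value:
                allow_specified = True
                if attrib_value['allow'] == 1:
                    allow = True
            if 'mirror' in attrib_value:
                port_no = attrib_value['mirror']
                acl_inst.append(
                    valve_of.apply_actions([valve_of.output_port(port_no)]))
                # Mirroring without an explicit 'allow' still allows the
                # traffic; only an explicit non-1 'allow' keeps it denied.
                if not allow_specified:
                    allow = True
            # if output selected, output packet now and exit pipeline.
            if 'output' in attrib_value:
                output_dict = attrib_value['output']
                output_actions = []
                # if destination rewriting selected, rewrite it.
                if 'dl_dst' in output_dict:
                    output_actions.append(
                        valve_of.set_eth_dst(output_dict['dl_dst']))
                # if vlan tag is specified, push it.
                if 'vlan_vid' in output_dict:
                    output_actions.extend(
                        valve_of.push_vlan_act(output_dict['vlan_vid']))
                # output to port ('port' is mandatory; missing -> KeyError)
                port_no = output_dict['port']
                output_actions.append(valve_of.output_port(port_no))
                acl_inst.append(valve_of.apply_actions(output_actions))
                continue
            if allow:
                acl_inst.append(acl_allow_inst)
        else:
            match_dict[attrib] = attrib_value
    if port_num is not None:
        match_dict['in_port'] = port_num
    if vlan_vid is not None:
        match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
    acl_match = valve_of.match_from_dict(match_dict)
    return acl_match, acl_inst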
Beispiel #9
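    def _update_nexthop(self, vlan, in_port, eth_src, resolved_ip_gw):
        """Install or refresh flows for routes via a just-resolved gateway.

        The cached next hop for ``resolved_ip_gw`` decides what happens:

        * cached with the same ``eth_src``: no messages are built;
        * cached with a different ``eth_src``: routes are updated, and with
          ``self.use_group_table`` the existing group is modified;
        * not cached, or cached without an address: routes are added, and
          with ``self.use_group_table`` a new group id is derived from the
          gateway and recorded in ``self.ip_gw_to_group_id``.

        In every case the next hop cache is updated at the end.

        Returns:
            The list of messages built (possibly empty).
        """
        # NOTE(review): nothing here checks that eth_src is the legitimate
        # owner of resolved_ip_gw; any differing address replaces the cached
        # one and repoints all routes via this gateway. Presumably the caller
        # only passes values from validated neighbor replies -- confirm, and
        # consider logging/alerting on next-hop changes for detection.
        ofmsgs = []
        is_updated = None
        routes = self._vlan_routes(vlan)
        group_mod_method = None
        group_id = None

        nexthop_cache_entry = self._vlan_nexthop_cache_entry(
            vlan, resolved_ip_gw)
        if (nexthop_cache_entry is not None and
                nexthop_cache_entry.eth_src is not None):
            cached_eth_dst = nexthop_cache_entry.eth_src
            if cached_eth_dst != eth_src:
                is_updated = True
                if self.use_group_table:
                    group_mod_method = valve_of.groupmod
                    group_id = self.ip_gw_to_group_id[resolved_ip_gw]
        else:
            is_updated = False
            if self.use_group_table:
                group_mod_method = valve_of.groupadd
                group_id = self._group_id_from_ip_gw(resolved_ip_gw)
                self.ip_gw_to_group_id[resolved_ip_gw] = group_id

        if is_updated is not None:
            if self.use_group_table:
                actions = [
                    valve_of.set_eth_src(self.faucet_mac),
                    valve_of.set_eth_dst(eth_src),
                    valve_of.dec_ip_ttl()]
                # Strip the VLAN tag when the egress port is untagged.
                if not vlan.port_is_tagged(in_port):
                    actions.append(valve_of.pop_vlan())
                actions.append(valve_of.output_port(in_port))
                ofmsgs.append(group_mod_method(
                    group_id=group_id,
                    buckets=[valve_of.bucket(actions=actions)]))

            # items() works on Python 2 and 3; iteritems() exists on
            # Python 2 only.
            for ip_dst, ip_gw in routes.items():
                if ip_gw == resolved_ip_gw:
                    ofmsgs.extend(self._add_resolved_route(
                        vlan, ip_gw, ip_dst, eth_src, is_updated))

        self._update_nexthop_cache(vlan, eth_src, resolved_ip_gw)
        return ofmsgs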
Beispiel #10
 def _nexthop_actions(self, eth_dst):
     """Return the header rewrite actions for forwarding to a next hop.

     In order: set the Ethernet source to ``self.faucet_mac``, set the
     Ethernet destination to ``eth_dst``, decrement the IP TTL.
     """
     src_rewrite = valve_of.set_eth_src(self.faucet_mac)
     dst_rewrite = valve_of.set_eth_dst(eth_dst)
     ttl_decrement = valve_of.dec_ip_ttl()
     return [src_rewrite, dst_rewrite, ttl_decrement]
Beispiel #11
 def _nexthop_actions(self, eth_dst):
     """Build the three actions applied to a packet routed to ``eth_dst``.

     The returned list holds, in this order, the Ethernet source rewrite to
     ``self.faucet_mac``, the Ethernet destination rewrite to ``eth_dst`` and
     the IP TTL decrement.
     """
     actions = [valve_of.set_eth_src(self.faucet_mac)]
     actions.append(valve_of.set_eth_dst(eth_dst))
     actions.append(valve_of.dec_ip_ttl())
     return actions