def tcp_udp_flows(self, vlan_id, nfvip, eth_type, nat_flows):
return (
# Learn from coprocessor port/do inbound translation.
(self.FROM_COPRO_TABLE,
parser.OFPMatch(eth_type=eth_type,
vlan_vid=vlan_id), nat_flows(nfvip)),
# Packets from coprocessor go to tuple inbound table.
(self.INTF_TABLE,
parser.OFPMatch(eth_type=eth_type,
ip_proto=socket.IPPROTO_TCP,
in_port=COPROPORT,
vlan_vid=vlan_id),
[parser.OFPInstructionGotoTable(self.FROM_COPRO_TABLE)]),
(self.INTF_TABLE,
parser.OFPMatch(eth_type=eth_type,
ip_proto=socket.IPPROTO_UDP,
in_port=COPROPORT,
vlan_vid=vlan_id),
[parser.OFPInstructionGotoTable(self.FROM_COPRO_TABLE)]),
# Packets from fake interface go outbound table.
(self.INTF_TABLE,
parser.OFPMatch(eth_type=eth_type,
ip_proto=socket.IPPROTO_TCP,
in_port=FAKEPORT,
vlan_vid=vlan_id),
[parser.OFPInstructionGotoTable(self.TO_COPRO_TABLE)]),
(self.INTF_TABLE,
parser.OFPMatch(eth_type=eth_type,
ip_proto=socket.IPPROTO_UDP,
in_port=FAKEPORT,
vlan_vid=vlan_id),
[parser.OFPInstructionGotoTable(self.TO_COPRO_TABLE)]))
def ipv4_flows(self, vlan_id, nfvip):
return (
# Program OVS to respond to ARP on fake port.
(self.TO_COPRO_TABLE,
parser.OFPMatch(eth_type=ether.ETH_TYPE_ARP,
vlan_vid=vlan_id), self.arp_reply_actions()),
(self.INTF_TABLE,
parser.OFPMatch(eth_type=ether.ETH_TYPE_ARP,
eth_src=FAKESERVERMAC,
in_port=FAKEPORT,
arp_op=arp.ARP_REQUEST,
vlan_vid=vlan_id),
[parser.OFPInstructionGotoTable(
self.TO_COPRO_TABLE)])) + self.tcp_udp_flows(
vlan_id, nfvip, ether.ETH_TYPE_IP, self.natv4_flows)
def send_req(self):
if self.ryudp:
match = parser.OFPMatch()
self.req = parser.OFPFlowStatsRequest(
self.ryudp, 0, ofp.OFPTT_ALL, ofp.OFPP_ANY, ofp.OFPG_ANY,
0, 0, match)
self.ryudp.send_msg(self.req)
def match(match_fields):
"""Return OpenFlow matches from dict.
Args:
match_fields (dict): match fields and values.
Returns:
ryu.ofproto.ofproto_v1_3_parser.OFPMatch: matches.
"""
return parser.OFPMatch(**match_fields)
def ipv6_flows(self, vlan_id, nfvip):
return (
(self.INTF_TABLE,
parser.OFPMatch(eth_type=ether.ETH_TYPE_IPV6,
vlan_vid=vlan_id,
ip_proto=socket.IPPROTO_ICMPV6,
icmpv6_type=icmpv6.ND_NEIGHBOR_SOLICIT),
self.apply_actions([parser.OFPActionOutput(
ofp.OFPP_CONTROLLER)])), ) + self.tcp_udp_flows(
vlan_id, nfvip, ether.ETH_TYPE_IPV6, self.natv6_flows)
def test_reply_ttl_invalid_message_with_rate_limit(self):
pkt = packet.Packet()
pkt.add_protocol(ethernet.ethernet(dst='aa:bb:cc:dd:ee:ff'))
pkt.add_protocol(ipv4.ipv4(proto=in_proto.IPPROTO_UDP))
pkt.add_protocol(udp.udp())
pkt.serialize()
lswitch = l2.LogicalSwitch(
id='lswitch1',
topic='topic1',
unique_key=9,
version=1,
)
self.app.db_store.update(lswitch)
lrouter = l3.LogicalRouter(
id='lrouter1',
topic='topic1',
version=1,
unique_key=22,
ports=[
l3.LogicalRouterPort(
id='lrouter1-port1',
unique_key=55,
topic='topic1',
mac='aa:bb:cc:dd:ee:ff',
network='10.0.0.1/24',
lswitch='lswitch1',
),
],
)
self.app.db_store.update(lrouter)
event = ofp_event.EventOFPMsgBase(msg=ofproto_parser.OFPPacketIn(
datapath=mock.Mock(),
reason=self.app.ofproto.OFPR_INVALID_TTL,
match=ofproto_parser.OFPMatch(
metadata=lswitch.unique_key,
reg5=lrouter.unique_key,
),
data=pkt.data,
))
with mock.patch("dragonflow.controller.common."
"icmp_error_generator.generate") as icmp_error:
for _ in range(self.app.conf.router_ttl_invalid_max_rate * 2):
self.app.packet_in_handler(event)
self.assertEqual(self.app.conf.router_ttl_invalid_max_rate,
icmp_error.call_count)
icmp_error.assert_called_with(icmp.ICMP_TIME_EXCEEDED,
icmp.ICMP_TTL_EXPIRED_CODE, mock.ANY,
"10.0.0.1", mock.ANY)
def match_from_dict(match_dict):
"""Parse a match dict into a OFPMatch object"""
kwargs = {}
for of_match, field in match_dict.items():
of_match = OLD_MATCH_FIELDS.get(of_match, of_match)
test_config_condition(of_match not in MATCH_FIELDS,
'Unknown match field: %s' % of_match)
try:
encoded_field = MATCH_FIELDS[of_match](field)
except TypeError as type_error:
raise InvalidConfigError('%s cannot be type %s' %
(of_match, type(field))) from type_error
kwargs[of_match] = encoded_field
return parser.OFPMatch(**kwargs)
def test_reply_icmp_unreachable_with_rate_limit(self):
pkt = packet.Packet()
pkt.add_protocol(ethernet.ethernet(dst='aa:bb:cc:dd:ee:ff'))
pkt.add_protocol(ipv4.ipv4(dst='10.0.0.1', proto=in_proto.IPPROTO_UDP))
pkt.add_protocol(udp.udp())
pkt.serialize()
lrouter = l3.LogicalRouter(
id='lrouter1',
topic='topic1',
version=1,
unique_key=22,
ports=[
l3.LogicalRouterPort(
id='lrouter1-port1',
unique_key=55,
topic='topic1',
mac='aa:bb:cc:dd:ee:ff',
network='10.0.0.1/24',
),
],
)
self.app.db_store.update(lrouter)
event = ofp_event.EventOFPMsgBase(msg=ofproto_parser.OFPPacketIn(
datapath=mock.Mock(),
reason=self.app.ofproto.OFPR_PACKET_IN,
match=ofproto_parser.OFPMatch(reg7=lrouter.ports[0].unique_key, ),
data=pkt.data,
))
with mock.patch("dragonflow.controller.common."
"icmp_error_generator.generate") as icmp_error:
for _ in range(self.app.conf.router_port_unreach_max_rate * 2):
self.app.packet_in_handler(event)
self.assertEqual(self.app.conf.router_port_unreach_max_rate,
icmp_error.call_count)
icmp_error.assert_called_with(icmp.ICMP_DEST_UNREACH,
icmp.ICMP_PORT_UNREACH_CODE,
pkt.data,
pkt=mock.ANY)
def generate_all_matches():
"""
Generate all OpenFlow Extensible Matches (oxm) and return
a single OFPMatch with all of these oxms. The value for each
oxm is the largest value possible for the data type. For
example, the largest number for a 4 bit int is 15.
"""
matches = dict()
for oxm_type in ofproto.oxm_types:
if oxm_type.type == type_desc.MacAddr:
value = 'ff:ff:ff:ff:ff:ff'
elif oxm_type.type == type_desc.IPv4Addr:
value = '255.255.255.255'
elif oxm_type.type == type_desc.IPv6Addr:
value = 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'
elif isinstance(oxm_type.type, type_desc.IntDescr):
value = 2**oxm_type.type.size - 1
else:
continue
matches[oxm_type.name] = value
return parser.OFPMatch(**matches)
