def build_inbound_rules_for(participant_id, in_policies, ss_instance, final_switch):
"Given a subset of inbound policies, return all the resulting rules."
rules = []
for policy in in_policies:
if "fwd" not in policy["action"]:
continue
port_num = policy["action"]["fwd"]
# match on the next-hop
vmac_bitmask = vmac_next_hop_mask(ss_instance)
vmac = vmac_next_hop_match(participant_id, ss_instance)
match_args = policy["match"]
match_args["eth_dst"] = (vmac, vmac_bitmask)
port_num = policy["action"]["fwd"]
new_vmac = vmac_part_port_match(participant_id, port_num, ss_instance)
actions = {"set_eth_dst":new_vmac, "fwd":[final_switch]}
rule = {"rule_type":"inbound", "priority":INBOUND_HIT_PRIORITY,
"match":match_args, "action":actions, "mod_type":"insert",
"cookie":(policy["cookie"],2**16-1)}
rules.append(rule)
return rules
def build_inbound_rules_for(participant_id, in_policies, ss_instance, final_switch):
"Given a subset of inbound policies, return all the resulting rules."
rules = []
for policy in in_policies:
if "fwd" not in policy["action"]:
continue
port_num = policy["action"]["fwd"]
# match on the next-hop
vmac_bitmask = vmac_next_hop_mask(ss_instance)
vmac = vmac_next_hop_match(participant_id, ss_instance)
match_args = policy["match"]
match_args["eth_dst"] = (vmac, vmac_bitmask)
port_num = policy["action"]["fwd"]
new_vmac = vmac_part_port_match(participant_id, port_num, ss_instance)
actions = {"set_eth_dst": new_vmac, "fwd": [final_switch]}
rule = {
"rule_type": "inbound",
"priority": INBOUND_HIT_PRIORITY,
"match": match_args,
"action": actions,
"mod_type": "insert",
"cookie": (policy["cookie"], 2 ** 16 - 1),
}
rules.append(rule)
return rules
def update_outbound_rules(sdx_msgs, policies, ss_instance, my_mac):
supersets = ss_instance.supersets
rules = []
if "outbound" not in policies:
return rules
outbound = policies["outbound"]
# map each participant to a list of our policies which forward to them
part_2_policy = {}
# build this mapping
for policy in outbound:
if "fwd" in policy["action"]:
part = int(policy["action"]["fwd"])
if part not in part_2_policy:
part_2_policy[part] = []
part_2_policy[part].append(policy)
updates = sdx_msgs["changes"]
for update in updates:
part = int(update["participant_id"])
superset_id = int(update["superset"])
bit_position = int(update["position"])
# if we have no rules regarding this participant, skip
if part not in part_2_policy:
continue
# for all policies involving this participant
for policy in part_2_policy[part]:
# vmac and mask which check if part is reachable
vmac = vmac_participant_match(superset_id, bit_position, ss_instance)
vmac_bitmask = vmac_participant_mask(bit_position, ss_instance)
# the vmac which will be written on a policy match
next_hop_mac = vmac_next_hop_match(part, ss_instance, inbound_bit=True)
match_args = policy["match"]
match_args["eth_dst"] = (vmac, vmac_bitmask)
match_args["eth_src"] = my_mac
actions = {"set_eth_dst": next_hop_mac, "fwd": ["inbound"]}
rule = {
"rule_type": "outbound",
"priority": OUTBOUND_HIT_PRIORITY,
"match": match_args,
"action": actions,
"mod_type": "insert",
"cookie": (policy["cookie"], 2 ** 16 - 1),
}
rules.append(rule)
return rules
def update_outbound_rules(sdx_msgs, policies, ss_instance, my_mac):
supersets = ss_instance.supersets
rules = []
if 'outbound' not in policies:
return rules
outbound = policies['outbound']
# map each participant to a list of our policies which forward to them
part_2_policy = {}
# build this mapping
for policy in outbound:
if "fwd" in policy["action"]:
part = int(policy["action"]["fwd"])
if part not in part_2_policy:
part_2_policy[part] = []
part_2_policy[part].append(policy)
updates = sdx_msgs["changes"]
for update in updates:
part = int(update["participant_id"])
superset_id = int(update["superset"])
bit_position = int(update["position"])
# if we have no rules regarding this participant, skip
if part not in part_2_policy:
continue
# for all policies involving this participant
for policy in part_2_policy[part]:
# vmac and mask which check if part is reachable
vmac = vmac_participant_match(superset_id, bit_position, ss_instance)
vmac_bitmask = vmac_participant_mask(bit_position, ss_instance)
# the vmac which will be written on a policy match
next_hop_mac = vmac_next_hop_match(part, ss_instance, inbound_bit = True)
match_args = policy["match"]
match_args["eth_dst"] = (vmac, vmac_bitmask)
match_args["eth_src"] = my_mac
actions = {"set_eth_dst":next_hop_mac, "fwd":["inbound"]}
rule = {"rule_type":"outbound", "priority":OUTBOUND_HIT_PRIORITY,
"match":match_args , "action":actions, "mod_type":"insert",
"cookie":(policy["cookie"],2**16-1)}
rules.append(rule)
return rules
