def concrete2pyretic(self, raw_pkt):
packet = get_packet_processor().unpack(raw_pkt['raw'])
packet['raw'] = raw_pkt['raw']
packet['switch'] = raw_pkt['switch']
packet['inport'] = raw_pkt['inport']
def convert(h, val):
if h in ['srcmac', 'dstmac']:
return MAC(val)
elif h in ['srcip', 'dstip']:
return IP(val)
else:
return val
try:
vlan_id = packet['vlan_id']
vlan_pcp = packet['vlan_pcp']
extended_values = self.decode_extended_values(vlan_id, vlan_pcp)
except KeyError:
extended_values = util.frozendict()
pyretic_packet = Packet(extended_values)
d = {
h: convert(h, v)
for (h, v) in packet.items() if not h in ['vlan_id', 'vlan_pcp']
}
return pyretic_packet.modifymany(d)
def extended_values_from(packet):
extended_values = {}
for k, v in packet.header.items():
if k not in basic_headers + content_headers and v:
extended_values[k] = v
elif v and len(v) > 1:
extended_values[k] = v[1:]
return util.frozendict(extended_values)
def extended_values_from(packet):
extended_values = {}
for k, v in packet.header.items():
if k not in basic_headers + content_headers and v:
extended_values[k] = v
elif v and len(v) > 1:
extended_values[k] = v[1:]
return util.frozendict(extended_values)
def __init__(self, *args, **kwargs):
init_map = {}
for (k, v) in dict(*args, **kwargs).iteritems():
if v is not None:
patterntype = field_patterntype(k)
pattern_to_match = patterntype(v)
init_map[k] = pattern_to_match
else:
init_map[k] = None
self.map = util.frozendict(init_map)
super(match,self).__init__()
def __init__(self, *args, **kwargs):
init_map = {}
for (k, v) in dict(*args, **kwargs).iteritems():
if v is not None:
patterntype = field_patterntype(k)
pattern_to_match = patterntype(v)
init_map[k] = pattern_to_match
else:
init_map[k] = None
self.map = util.frozendict(init_map)
super(match, self).__init__()
def __init__(self, *args, **kwargs):
#self.trace = simpleLogger.geTracePyretic()
init_map = {}
for (k, v) in dict(*args, **kwargs).iteritems():
if v is not None:
patterntype = field_patterntype(k)
pattern_to_match = patterntype(v)
init_map[k] = pattern_to_match
else:
init_map[k] = None
self.map = util.frozendict(init_map)
#self.trace("patterns to match: %s\n" % self.map, True) # hph
super(match,self).__init__()
def __init__(self, *args, **kwargs):
def _get_processed_map(*args, **kwargs):
map_dict = dict(*args, **kwargs)
for field in ['srcip', 'dstip']:
try:
val = map_dict[field]
map_dict.update({field: util.string_to_network(val)})
except KeyError:
pass
return map_dict
if len(args) == 0 and len(kwargs) == 0:
raise TypeError
self.map = util.frozendict(_get_processed_map(*args, **kwargs))
self._classifier = self.generate_classifier()
super(match,self).__init__()
def concrete2pyretic(self,packet):
def convert(h,val):
if h in ['srcmac','dstmac']:
return MAC(val)
elif h in ['srcip','dstip']:
return IP(val)
else:
return val
try:
vlan_id = packet['vlan_id']
vlan_pcp = packet['vlan_pcp']
extended_values = self.decode_extended_values(vlan_id, vlan_pcp)
except KeyError:
extended_values = util.frozendict()
pyretic_packet = Packet(extended_values)
d = { h : convert(h,v) for (h,v) in packet.items() if not h in ['vlan_id','vlan_pcp'] }
return pyretic_packet.pushmany(d)
def concrete2pyretic(self, packet):
def convert(h, val):
if h in ['srcmac', 'dstmac']:
return MAC(val)
elif h in ['srcip', 'dstip']:
return IP(val)
else:
return val
try:
vlan_id = packet['vlan_id']
vlan_pcp = packet['vlan_pcp']
extended_values = self.decode_extended_values(vlan_id, vlan_pcp)
except KeyError:
extended_values = util.frozendict()
pyretic_packet = Packet(extended_values)
d = {
h: convert(h, v)
for (h, v) in packet.items() if not h in ['vlan_id', 'vlan_pcp']
}
return pyretic_packet.modifymany(d)
def concrete2pyretic(self,raw_pkt):
packet = get_packet_processor().unpack(raw_pkt['raw'])
packet['raw'] = raw_pkt['raw']
packet['switch'] = raw_pkt['switch']
packet['inport'] = raw_pkt['inport']
def convert(h,val):
if h in ['srcmac','dstmac']:
return MAC(val)
elif h in ['srcip','dstip']:
return IP(val)
else:
return val
try:
vlan_id = packet['vlan_id']
vlan_pcp = packet['vlan_pcp']
extended_values = self.decode_extended_values(vlan_id, vlan_pcp)
except KeyError:
extended_values = util.frozendict()
pyretic_packet = Packet(extended_values)
d = { h : convert(h,v) for (h,v) in packet.items() if not h in ['vlan_id','vlan_pcp'] }
return pyretic_packet.modifymany(d)
def __init__(self, *args, **kwargs):
if len(args) == 0 and len(kwargs) == 0:
raise TypeError
self.map = util.frozendict(dict(*args, **kwargs))
self._classifier = self.generate_classifier()
super(match,self).__init__()
def __init__(self, state={}):
self.header = util.frozendict(state)
def extended_values_from(packet):
extended_values = {}
for k, v in packet.header.items():
if k not in basic_headers + content_headers + location_headers and v:
extended_values[k] = v
return util.frozendict(extended_values)
def get_count_key(pkt):
predwise_count_key = ['ethtype', 'srcip', 'dstip', 'switch', 'port']
return util.frozendict({k: pkt[k] for k in predwise_count_key})
def __init__(self, state={}):
self.header = util.frozendict(state)
def nf_to_pyretic(self, nf_line):
""" Parse one line of netflow/sflow output and return a pyretic
`Packet`-like structure for evaluation by pyretic policies.
"""
cls = self.__class__
def convert(h,val):
if h in ['srcmac','dstmac']:
return MAC(val)
elif h in ['srcip','dstip']:
try:
return IP(val)
except: # IPv6 packets are not processed well in the IP class
return val
elif h in ['packets', 'bytes', 'flows', 'port', 'vlan_id',
'srcport', 'dstport']:
return int(float(val))
elif h in ['protocol']:
return int(val)
elif h in ['bps', 'Bpp']:
return float(val)
else:
return val
def parse_line(l):
parts = l.split()[3:]
order = ['switch', 'protocol', 'srcip', 'dstip', 'srcport',
'dstport', 'vlan_id', 'srcmac', 'dstmac', 'port',
'packets','bytes', 'bps', 'Bpp', 'flows']
headers = {}
for i in range(0, len(order)):
headers[order[i]] = parts[i]
'''
TODO(): There doesn't seem to be a way to figure out the ethertype
of a packet from nfdump. The manpage doesn't give any hints, and it
is documented that this was an issue as recently as 2014: see
http://sourceforge.net/p/nfdump/mailman/message/33085997/ So we just
set it automatically to IP.
'''
headers['ethtype'] = 2048
return headers
def adjust_location(headers):
imap = cls.intfs_map
if headers['port'] in cls.intfs_map:
(sw, port, _) = cls.intfs_map[headers['port']]
headers.update({'switch': sw, 'port': port})
return headers
def process_vlan(headers):
'''The returned VLAN label from nfdump tools is actually a 2 byte
combination of the VLAN id (12 bits), a CFI bit, and the VLAN
priority (3 bits) which are arranged in that order from least
to most significant bits (see [1-4] below).
Given that netflow/IPFIX export this information, and that nfcapd
output format remains consistent across netflow and sflow, I believe
that sflow captures should be no different. @ngsrinivas
[1] ipfix RFC. http://tools.ietf.org/html/rfc5102#section-5.6.3
[2] Table 6, netflow V9 record format.
http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html
[3] VLAN tag frame format https://wiki.wireshark.org/VLAN
[4] libnfread: read netflow records from nfcapd output files.
https://github.com/switch-ch/nfdump-libnfread/blob/master/bin/pcaproc.c#L416
(see https://github.com/switch-ch/nfdump-libnfread)
'''
if 'vlan_id' in headers:
tag = headers['vlan_id']
headers.update({'vlan_id': tag & 0xfff,
'vlan_pcp': ((tag & 0xf000) >> 13) & 7,
'vlan_cfi': ((tag & 0xf000) >> 12) & 1})
return headers
h1 = parse_line(nf_line.strip())
h2 = { h : convert(h,v) for (h,v) in h1.items() }
h3 = adjust_location(h2)
h4 = process_vlan(h3)
h4['raw'] = 'junk'
pyretic_pkt = Packet(util.frozendict())
return pyretic_pkt.modifymany(h4)
