def build(self, meters, vid, port_num): """Check that ACL can be built from config.""" class NullRyuDatapath: """Placeholder Ryu Datapath.""" ofproto = valve_of.ofp self.matches = {} self.set_fields = set() self.meter = False if self.rules: try: ofmsgs = valve_acl.build_acl_ofmsgs( [self], wildcard_table, valve_of.goto_table(wildcard_table), valve_of.goto_table(wildcard_table), 2**16 - 1, meters, self.exact_match, vlan_vid=vid, port_num=port_num) except (netaddr.core.AddrFormatError, KeyError, ValueError) as err: raise InvalidConfigError(err) test_config_condition(not ofmsgs, 'OF messages is empty') for ofmsg in ofmsgs: ofmsg.datapath = NullRyuDatapath() ofmsg.set_xid(0) try: ofmsg.serialize() except (KeyError, ValueError) as err: raise InvalidConfigError(err) except Exception as err: print(ofmsg) raise err if valve_of.is_flowmod(ofmsg): apply_actions = [] for inst in ofmsg.instructions: if valve_of.is_apply_actions(inst): apply_actions.extend(inst.actions) elif valve_of.is_meter(inst): self.meter = True for action in apply_actions: if valve_of.is_set_field(action): self.set_fields.add(action.key) for match, value in list(ofmsg.match.items()): has_mask = isinstance(value, (tuple, list)) if has_mask or match not in self.matches: self.matches[match] = has_mask return (self.matches, self.set_fields, self.meter)
def build(self, meters, vid, port_num): """Check that ACL can be built from config.""" class NullRyuDatapath: """Placeholder Ryu Datapath.""" ofproto = valve_of.ofp self.matches = {} self.set_fields = set() self.meter = False if self.rules: try: ofmsgs = valve_acl.build_acl_ofmsgs( [self], wildcard_table, [valve_of.goto_table(wildcard_table)], [valve_of.goto_table(wildcard_table)], 2**16-1, meters, self.exact_match, vlan_vid=vid, port_num=port_num) except (netaddr.core.AddrFormatError, KeyError, ValueError) as err: raise InvalidConfigError(err) test_config_condition(not ofmsgs, 'OF messages is empty') for ofmsg in ofmsgs: ofmsg.datapath = NullRyuDatapath() ofmsg.set_xid(0) try: ofmsg.serialize() except (KeyError, ValueError) as err: raise InvalidConfigError(err) except Exception as err: print(ofmsg) raise err if valve_of.is_flowmod(ofmsg): apply_actions = [] for inst in ofmsg.instructions: if valve_of.is_apply_actions(inst): apply_actions.extend(inst.actions) elif valve_of.is_meter(inst): self.meter = True for action in apply_actions: if valve_of.is_set_field(action): self.set_fields.add(action.key) for match, value in ofmsg.match.items(): has_mask = isinstance(value, (tuple, list)) if has_mask or match not in self.matches: self.matches[match] = has_mask return (self.matches, self.set_fields, self.meter)
def build_acl(acl, vid): """Check that ACL can be built from config and mark mirror destinations.""" matches = {} set_fields = set() meter = False if acl.rules: try: ofmsgs = valve_acl.build_acl_ofmsgs( [acl], self.wildcard_table, valve_of.goto_table(self.wildcard_table), valve_of.goto_table(self.wildcard_table), 2**16 - 1, self.meters, acl.exact_match, vlan_vid=vid) except (netaddr.core.AddrFormatError, KeyError, ValueError) as err: raise InvalidConfigError(err) test_config_condition(not ofmsgs, 'OF messages is empty') for ofmsg in ofmsgs: ofmsg.datapath = NullRyuDatapath() ofmsg.set_xid(0) try: ofmsg.serialize() except (KeyError, ValueError) as err: raise InvalidConfigError(err) if valve_of.is_flowmod(ofmsg): apply_actions = [] for inst in ofmsg.instructions: if valve_of.is_apply_actions(inst): apply_actions.extend(inst.actions) elif valve_of.is_meter(inst): meter = True for action in apply_actions: if valve_of.is_set_field(action): set_fields.add(action.key) for match, value in list(ofmsg.match.items()): has_mask = isinstance(value, (tuple, list)) if has_mask or match not in matches: matches[match] = has_mask for port_no in mirror_destinations: port = self.ports[port_no] port.output_only = True return (matches, set_fields, meter)
def _trim_actions(self, actions): new_actions = [] pending_actions = [] for action in actions: if action.type in (valve_of.ofp.OFPAT_GROUP, valve_of.ofp.OFPAT_OUTPUT): new_actions.extend(pending_actions) new_actions.append(action) pending_actions = [] else: pending_actions.append(action) set_fields = { action.key for action in new_actions if valve_of.is_set_field(action) } if self.table_id != valve_of.ofp.OFPTT_ALL and set_fields: assert set_fields.issubset(self.set_fields), ( 'unexpected set fields %s configured %s in %s' % (set_fields, self.set_fields, self.name)) return new_actions
def _trim_actions(self, actions): new_actions = [] pending_actions = [] for action in actions: if action.type in (valve_of.ofp.OFPAT_GROUP, valve_of.ofp.OFPAT_OUTPUT): new_actions.extend(pending_actions) new_actions.append(action) pending_actions = [] else: pending_actions.append(action) if self.table_id != valve_of.ofp.OFPTT_ALL: set_fields = { action.key for action in new_actions if valve_of.is_set_field(action) } assert not set_fields or set_fields.issubset(self.set_fields), ( f'unexpected set fields {set_fields} configured {self.set_fields} in {self.name}' ) return new_actions
def build(self, meters, vid, port_num): """Check that ACL can be built from config.""" self.matches = {} self.set_fields = set() self.meter = False if self.rules: try: ofmsgs = valve_acl.build_acl_ofmsgs( [self], wildcard_table, [valve_of.goto_table(wildcard_table)], [valve_of.goto_table(wildcard_table)], 2**16-1, meters, self.exact_match, vlan_vid=vid, port_num=port_num) except (netaddr.core.AddrFormatError, KeyError, ValueError) as err: raise InvalidConfigError from err test_config_condition(not ofmsgs, 'OF messages is empty') for ofmsg in ofmsgs: try: valve_of.verify_flowmod(ofmsg) except (KeyError, ValueError) as err: raise InvalidConfigError from err except Exception as err: raise err if valve_of.is_flowmod(ofmsg): apply_actions = [] for inst in ofmsg.instructions: if valve_of.is_apply_actions(inst): apply_actions.extend(inst.actions) elif valve_of.is_meter(inst): self.meter = True for action in apply_actions: if valve_of.is_set_field(action): self.set_fields.add(action.key) for match, value in ofmsg.match.items(): has_mask = isinstance(value, (tuple, list)) if has_mask or match not in self.matches: self.matches[match] = has_mask for tunnel_rules in self.tunnel_dests.values(): if 'exit_instructions' in tunnel_rules: exit_inst = tunnel_rules['exit_instructions'] try: ofmsgs = valve_acl.build_tunnel_ofmsgs( exit_inst, wildcard_table, 1) except (netaddr.core.AddrFormatError, KeyError, ValueError) as err: raise InvalidConfigError from err test_config_condition(not ofmsgs, 'OF messages is empty') for ofmsg in ofmsgs: try: valve_of.verify_flowmod(ofmsg) except (KeyError, ValueError) as err: raise InvalidConfigError from err except Exception as err: raise err if valve_of.is_flowmod(ofmsg): apply_actions = [] for inst in ofmsg.instructions: if valve_of.is_apply_actions(inst): apply_actions.extend(inst.actions) elif valve_of.is_meter(inst): self.meter = True for action in apply_actions: if valve_of.is_set_field(action): self.set_fields.add(action.key) for match, value in ofmsg.match.items(): has_mask = isinstance(value, (tuple, list)) if has_mask or match not in self.matches: self.matches[match] = has_mask return (self.matches, self.set_fields, self.meter)