def _get_default_flow_msgs_for_subscriber(self, imsi, ip_addr,
local_f_teid_ng):
match_in = _generate_rule_match(
imsi,
ip_addr,
0,
0,
Direction.IN,
local_f_teid_ng,
)
match_out = _generate_rule_match(
imsi,
ip_addr,
0,
0,
Direction.OUT,
local_f_teid_ng,
)
return [
flows.get_add_drop_flow_msg(
self._datapath,
self.tbl_num,
match_in,
priority=Utils.DROP_PRIORITY,
),
flows.get_add_drop_flow_msg(
self._datapath,
self.tbl_num,
match_out,
priority=Utils.DROP_PRIORITY,
),
]
def _get_classify_rule_flow_msgs(self, imsi, ip_addr, apn_ambr, flow,
rule_num, priority, qos, hard_timeout,
rule_id, app_name, app_service_type,
next_table, version, qos_mgr):
"""
Install a flow from a rule. If the flow action is DENY, then the flow
will drop the packet. Otherwise, the flow classifies the packet with
its matched rule and injects the rule num into the packet's register.
"""
flow_match = flow_match_to_magma_match(flow.match, ip_addr)
flow_match.imsi = encode_imsi(imsi)
flow_match_actions, instructions = self._get_action_for_rule(
flow, rule_num, imsi, ip_addr, apn_ambr, qos, rule_id, version,
qos_mgr)
msgs = []
if app_name:
# We have to allow initial traffic to pass through, before it gets
# classified by DPI, flow match set app_id to unclassified
flow_match.app_id = UNCLASSIFIED_PROTO_ID
parser = self._datapath.ofproto_parser
passthrough_actions = flow_match_actions + \
[parser.NXActionRegLoad2(dst=SCRATCH_REGS[1],
value=IGNORE_STATS)]
msgs.append(
flows.get_add_resubmit_current_service_flow_msg(
self._datapath,
self.tbl_num,
flow_match,
passthrough_actions,
hard_timeout=hard_timeout,
priority=self.UNCLASSIFIED_ALLOW_PRIORITY,
cookie=rule_num,
resubmit_table=next_table))
flow_match.app_id = get_app_id(
PolicyRule.AppName.Name(app_name),
PolicyRule.AppServiceType.Name(app_service_type),
)
if flow.action == flow.DENY:
msgs.append(
flows.get_add_drop_flow_msg(self._datapath,
self.tbl_num,
flow_match,
flow_match_actions,
hard_timeout=hard_timeout,
priority=priority,
cookie=rule_num))
else:
msgs.append(
flows.get_add_resubmit_current_service_flow_msg(
self._datapath,
self.tbl_num,
flow_match,
flow_match_actions,
instructions=instructions,
hard_timeout=hard_timeout,
priority=priority,
cookie=rule_num,
resubmit_table=next_table))
return msgs
def _get_default_flow_msgs_for_subscriber(self, imsi, ip_addr):
ip_match_in = get_ue_ip_match_args(ip_addr, Direction.IN)
match_in = MagmaMatch(eth_type=get_eth_type(ip_addr),
imsi=encode_imsi(imsi), **ip_match_in)
ip_match_out = get_ue_ip_match_args(ip_addr, Direction.OUT)
match_out = MagmaMatch(eth_type=get_eth_type(ip_addr),
imsi=encode_imsi(imsi), **ip_match_out)
actions = []
return [
flows.get_add_drop_flow_msg(
self._datapath, self.tbl_num, match_in, actions,
priority=Utils.DROP_PRIORITY),
flows.get_add_drop_flow_msg(
self._datapath, self.tbl_num, match_out, actions,
priority=Utils.DROP_PRIORITY)]
def _get_default_flow_msg_for_subscriber(self, imsi):
match = MagmaMatch(imsi=encode_imsi(imsi))
actions = []
return flows.get_add_drop_flow_msg(self._datapath,
self.tbl_num,
match,
actions,
priority=self.ENFORCE_DROP_PRIORITY)
def _get_default_flow_msgs(self, datapath) -> DefaultMsgsMap:
"""
Gets the default flow msg that drops traffic
Args:
datapath: ryu datapath struct
Returns:
The list of default msgs to add
"""
match = MagmaMatch()
msg = flows.get_add_drop_flow_msg(
datapath, self.tbl_num, match,
priority=flows.MINIMUM_PRIORITY,
cookie=self.DEFAULT_FLOW_COOKIE)
return {self.tbl_num: [msg]}
def _get_classify_rule_flow_msg(self, imsi, flow, rule_num, priority,
ul_qos, dl_qos, hard_timeout, rule_id):
"""
Install a flow from a rule. If the flow action is DENY, then the flow
will drop the packet. Otherwise, the flow classifies the packet with
its matched rule and injects the rule num into the packet's register.
"""
flow_match = flow_match_to_magma_match(flow.match)
flow_match.imsi = encode_imsi(imsi)
flow_match_actions = self._get_classify_rule_of_actions(
flow, rule_num, imsi, ul_qos, dl_qos, rule_id)
if flow.action == flow.DENY:
return flows.get_add_drop_flow_msg(self._datapath,
self.tbl_num,
flow_match,
flow_match_actions,
hard_timeout=hard_timeout,
priority=priority,
cookie=rule_num)
if self._enforcement_stats_scratch:
return flows.get_add_resubmit_current_service_flow_msg(
self._datapath,
self.tbl_num,
flow_match,
flow_match_actions,
hard_timeout=hard_timeout,
priority=priority,
cookie=rule_num,
resubmit_table=self._enforcement_stats_scratch)
# If enforcement stats has not claimed a scratch table, resubmit
# directly to the next app.
return flows.get_add_resubmit_next_service_flow_msg(
self._datapath,
self.tbl_num,
flow_match,
flow_match_actions,
hard_timeout=hard_timeout,
priority=priority,
cookie=rule_num,
resubmit_table=self.next_main_table)
def _install_default_flows_if_not_installed(self, datapath,
existing_flows: List[OFPFlowStats]) -> List[OFPFlowStats]:
"""
Install default flows(if not already installed) to forward the traffic,
If no other flows are matched.
Returns:
The list of flows that remain after inserting default flows
"""
match = MagmaMatch()
msg = flows.get_add_drop_flow_msg(
datapath, self.tbl_num, match,
priority=flows.MINIMUM_PRIORITY,
cookie=self.DEFAULT_FLOW_COOKIE)
msg, remaining_flows = self._msg_hub \
.filter_msgs_if_not_in_flow_list(self._datapath, [msg],
existing_flows[self.tbl_num])
if msg:
chan = self._msg_hub.send(msg, datapath)
self._wait_for_responses(chan, 1)
return {self.tbl_num: remaining_flows}
def _get_rule_match_flow_msgs(self, imsi, _, __, ip_addr, ambr, rule):
"""
Returns flow add messages used for rule matching.
"""
rule_num = self._rule_mapper.get_or_create_rule_num(rule.id)
version = self._session_rule_version_mapper.get_version(imsi, ip_addr,
rule.id)
self.logger.debug(
'Installing flow for %s with rule num %s (version %s)', imsi,
rule_num, version)
inbound_rule_match = _generate_rule_match(imsi, ip_addr, rule_num,
version, Direction.IN)
outbound_rule_match = _generate_rule_match(imsi, ip_addr, rule_num,
version, Direction.OUT)
flow_actions = [flow.action for flow in rule.flow_list]
msgs = []
if FlowDescription.PERMIT in flow_actions:
inbound_rule_match._match_kwargs[SCRATCH_REGS[1]] = PROCESS_STATS
outbound_rule_match._match_kwargs[SCRATCH_REGS[1]] = PROCESS_STATS
msgs.extend([
flows.get_add_drop_flow_msg(
self._datapath,
self.tbl_num,
inbound_rule_match,
priority=flows.DEFAULT_PRIORITY,
cookie=rule_num),
flows.get_add_drop_flow_msg(
self._datapath,
self.tbl_num,
outbound_rule_match,
priority=flows.DEFAULT_PRIORITY,
cookie=rule_num),
])
else:
inbound_rule_match._match_kwargs[SCRATCH_REGS[1]] = DROP_FLOW_STATS
outbound_rule_match._match_kwargs[SCRATCH_REGS[1]] = DROP_FLOW_STATS
msgs.extend([
flows.get_add_drop_flow_msg(
self._datapath,
self.tbl_num,
inbound_rule_match,
priority=flows.DEFAULT_PRIORITY,
cookie=rule_num),
flows.get_add_drop_flow_msg(
self._datapath,
self.tbl_num,
outbound_rule_match,
priority=flows.DEFAULT_PRIORITY,
cookie=rule_num),
])
if rule.app_name:
inbound_rule_match._match_kwargs[SCRATCH_REGS[1]] = IGNORE_STATS
outbound_rule_match._match_kwargs[SCRATCH_REGS[1]] = IGNORE_STATS
msgs.extend([
flows.get_add_drop_flow_msg(
self._datapath,
self.tbl_num,
inbound_rule_match,
priority=flows.DEFAULT_PRIORITY,
cookie=rule_num),
flows.get_add_drop_flow_msg(
self._datapath,
self.tbl_num,
outbound_rule_match,
priority=flows.DEFAULT_PRIORITY,
cookie=rule_num),
])
return msgs