Exemple #1
0
def update_outbound_rules(sdx_msgs, policies, ss_instance, my_mac):
    supersets = ss_instance.supersets

    rules = []
    if "outbound" not in policies:
        return rules

    outbound = policies["outbound"]

    # map each participant to a list of our policies which forward to them
    part_2_policy = {}

    # build this mapping
    for policy in outbound:
        if "fwd" in policy["action"]:
            part = int(policy["action"]["fwd"])
            if part not in part_2_policy:
                part_2_policy[part] = []
            part_2_policy[part].append(policy)

    updates = sdx_msgs["changes"]

    for update in updates:
        part = int(update["participant_id"])
        superset_id = int(update["superset"])
        bit_position = int(update["position"])

        # if we have no rules regarding this participant, skip
        if part not in part_2_policy:
            continue

        # for all policies involving this participant
        for policy in part_2_policy[part]:

            # vmac and mask which check if part is reachable
            vmac = vmac_participant_match(superset_id, bit_position, ss_instance)
            vmac_bitmask = vmac_participant_mask(bit_position, ss_instance)

            # the vmac which will be written on a policy match
            next_hop_mac = vmac_next_hop_match(part, ss_instance, inbound_bit=True)

            match_args = policy["match"]
            match_args["eth_dst"] = (vmac, vmac_bitmask)
            match_args["eth_src"] = my_mac

            actions = {"set_eth_dst": next_hop_mac, "fwd": ["inbound"]}

            rule = {
                "rule_type": "outbound",
                "priority": OUTBOUND_HIT_PRIORITY,
                "match": match_args,
                "action": actions,
                "mod_type": "insert",
                "cookie": (policy["cookie"], 2 ** 16 - 1),
            }
            rules.append(rule)

    return rules
Exemple #2
0
def update_outbound_rules(sdx_msgs, policies, ss_instance, my_mac):
    supersets = ss_instance.supersets

    rules = []
    if 'outbound' not in policies:
        return rules

    outbound = policies['outbound']

    # map each participant to a list of our policies which forward to them
    part_2_policy = {}

    # build this mapping
    for policy in outbound:
        if "fwd" in policy["action"]:
            part = int(policy["action"]["fwd"])
            if part not in part_2_policy:
                part_2_policy[part] = []
            part_2_policy[part].append(policy)



    updates = sdx_msgs["changes"]

    for update in updates:
        part = int(update["participant_id"])
        superset_id = int(update["superset"])
        bit_position = int(update["position"])

        # if we have no rules regarding this participant, skip
        if part not in part_2_policy:
            continue

        # for all policies involving this participant
        for policy in part_2_policy[part]:

            # vmac and mask which check if part is reachable
            vmac = vmac_participant_match(superset_id, bit_position, ss_instance)
            vmac_bitmask = vmac_participant_mask(bit_position, ss_instance)

            # the vmac which will be written on a policy match
            next_hop_mac = vmac_next_hop_match(part, ss_instance, inbound_bit = True)

            match_args = policy["match"]
            match_args["eth_dst"] = (vmac, vmac_bitmask)
            match_args["eth_src"] = my_mac

            actions = {"set_eth_dst":next_hop_mac, "fwd":["inbound"]}

            rule = {"rule_type":"outbound", "priority":OUTBOUND_HIT_PRIORITY,
                    "match":match_args , "action":actions, "mod_type":"insert",
                    "cookie":(policy["cookie"],2**16-1)}
            rules.append(rule)

    return rules
Exemple #3
0
def build_outbound_rules_for(out_policies, ss_instance, my_mac):
    "Given a subset of outbound policies, return all the resulting rules."

    rules = []

    part_2_superset = {}
    for ss_id, superset in enumerate(ss_instance.supersets):
        for part_index, part in enumerate(superset):

            if part not in part_2_superset:
                part_2_superset[part] = []

            part_2_superset.append((ss_id, part_index))

    for policy in out_policies:
        if "fwd" not in policy["action"]:
            continue

        part = policy["action"]["fwd"]

        for ss_id, part_index in part_2_superset[part]:
            vmac = vmac_participant_match(ss_id, part_index, ss_instance)
            vmac_bitmask = vmac_participant_mask(part_index, ss_instance)

            match_args = policy["match"]
            match_args["eth_dst"] = (vmac, vmac_bitmask)
            match_args["eth_src"] = my_mac

            actions = {"set_eth_dst": next_hop_mac, "fwd": ["inbound"]}

            rule = {
                "rule_type": "outbound",
                "priority": OUTBOUND_HIT_PRIORITY,
                "match": match_args,
                "action": actions,
                "mod_type": "insert",
                "cookie": (policy["cookie"], 2 ** 16 - 1),
            }

            rules.append(rule)

        return rules
Exemple #4
0
def build_outbound_rules_for(out_policies, ss_instance, my_mac):
    "Given a subset of outbound policies, return all the resulting rules."

    rules = []

    part_2_superset = {}
    for ss_id, superset in enumerate(ss_instance.supersets):
        for part_index, part in enumerate(superset):

            if part not in part_2_superset:
                part_2_superset[part] = []

            part_2_superset.append((ss_id, part_index))

    for policy in out_policies:
        if "fwd" not in policy["action"]:
            continue

        part = policy["action"]["fwd"]

        for ss_id, part_index in part_2_superset[part]:
            vmac = vmac_participant_match(ss_id, part_index, ss_instance)
            vmac_bitmask = vmac_participant_mask(part_index, ss_instance)

            match_args = policy["match"]
            match_args["eth_dst"] = (vmac, vmac_bitmask)
            match_args["eth_src"] = my_mac

            actions = {"set_eth_dst": next_hop_mac, "fwd": ["inbound"]}

            rule = {
                "rule_type": "outbound",
                "priority": OUTBOUND_HIT_PRIORITY,
                "match": match_args,
                "action": actions,
                "mod_type": "insert",
                "cookie": (policy["cookie"], 2**16 - 1)
            }

            rules.append(rule)

        return rules