def update_outbound_rules(sdx_msgs, policies, ss_instance, my_mac):
supersets = ss_instance.supersets
rules = []
if "outbound" not in policies:
return rules
outbound = policies["outbound"]
# map each participant to a list of our policies which forward to them
part_2_policy = {}
# build this mapping
for policy in outbound:
if "fwd" in policy["action"]:
part = int(policy["action"]["fwd"])
if part not in part_2_policy:
part_2_policy[part] = []
part_2_policy[part].append(policy)
updates = sdx_msgs["changes"]
for update in updates:
part = int(update["participant_id"])
superset_id = int(update["superset"])
bit_position = int(update["position"])
# if we have no rules regarding this participant, skip
if part not in part_2_policy:
continue
# for all policies involving this participant
for policy in part_2_policy[part]:
# vmac and mask which check if part is reachable
vmac = vmac_participant_match(superset_id, bit_position, ss_instance)
vmac_bitmask = vmac_participant_mask(bit_position, ss_instance)
# the vmac which will be written on a policy match
next_hop_mac = vmac_next_hop_match(part, ss_instance, inbound_bit=True)
match_args = policy["match"]
match_args["eth_dst"] = (vmac, vmac_bitmask)
match_args["eth_src"] = my_mac
actions = {"set_eth_dst": next_hop_mac, "fwd": ["inbound"]}
rule = {
"rule_type": "outbound",
"priority": OUTBOUND_HIT_PRIORITY,
"match": match_args,
"action": actions,
"mod_type": "insert",
"cookie": (policy["cookie"], 2 ** 16 - 1),
}
rules.append(rule)
return rules
def update_outbound_rules(sdx_msgs, policies, ss_instance, my_mac):
supersets = ss_instance.supersets
rules = []
if 'outbound' not in policies:
return rules
outbound = policies['outbound']
# map each participant to a list of our policies which forward to them
part_2_policy = {}
# build this mapping
for policy in outbound:
if "fwd" in policy["action"]:
part = int(policy["action"]["fwd"])
if part not in part_2_policy:
part_2_policy[part] = []
part_2_policy[part].append(policy)
updates = sdx_msgs["changes"]
for update in updates:
part = int(update["participant_id"])
superset_id = int(update["superset"])
bit_position = int(update["position"])
# if we have no rules regarding this participant, skip
if part not in part_2_policy:
continue
# for all policies involving this participant
for policy in part_2_policy[part]:
# vmac and mask which check if part is reachable
vmac = vmac_participant_match(superset_id, bit_position, ss_instance)
vmac_bitmask = vmac_participant_mask(bit_position, ss_instance)
# the vmac which will be written on a policy match
next_hop_mac = vmac_next_hop_match(part, ss_instance, inbound_bit = True)
match_args = policy["match"]
match_args["eth_dst"] = (vmac, vmac_bitmask)
match_args["eth_src"] = my_mac
actions = {"set_eth_dst":next_hop_mac, "fwd":["inbound"]}
rule = {"rule_type":"outbound", "priority":OUTBOUND_HIT_PRIORITY,
"match":match_args , "action":actions, "mod_type":"insert",
"cookie":(policy["cookie"],2**16-1)}
rules.append(rule)
return rules
def build_outbound_rules_for(out_policies, ss_instance, my_mac):
"Given a subset of outbound policies, return all the resulting rules."
rules = []
part_2_superset = {}
for ss_id, superset in enumerate(ss_instance.supersets):
for part_index, part in enumerate(superset):
if part not in part_2_superset:
part_2_superset[part] = []
part_2_superset.append((ss_id, part_index))
for policy in out_policies:
if "fwd" not in policy["action"]:
continue
part = policy["action"]["fwd"]
for ss_id, part_index in part_2_superset[part]:
vmac = vmac_participant_match(ss_id, part_index, ss_instance)
vmac_bitmask = vmac_participant_mask(part_index, ss_instance)
match_args = policy["match"]
match_args["eth_dst"] = (vmac, vmac_bitmask)
match_args["eth_src"] = my_mac
actions = {"set_eth_dst": next_hop_mac, "fwd": ["inbound"]}
rule = {
"rule_type": "outbound",
"priority": OUTBOUND_HIT_PRIORITY,
"match": match_args,
"action": actions,
"mod_type": "insert",
"cookie": (policy["cookie"], 2 ** 16 - 1),
}
rules.append(rule)
return rules
def build_outbound_rules_for(out_policies, ss_instance, my_mac):
"Given a subset of outbound policies, return all the resulting rules."
rules = []
part_2_superset = {}
for ss_id, superset in enumerate(ss_instance.supersets):
for part_index, part in enumerate(superset):
if part not in part_2_superset:
part_2_superset[part] = []
part_2_superset.append((ss_id, part_index))
for policy in out_policies:
if "fwd" not in policy["action"]:
continue
part = policy["action"]["fwd"]
for ss_id, part_index in part_2_superset[part]:
vmac = vmac_participant_match(ss_id, part_index, ss_instance)
vmac_bitmask = vmac_participant_mask(part_index, ss_instance)
match_args = policy["match"]
match_args["eth_dst"] = (vmac, vmac_bitmask)
match_args["eth_src"] = my_mac
actions = {"set_eth_dst": next_hop_mac, "fwd": ["inbound"]}
rule = {
"rule_type": "outbound",
"priority": OUTBOUND_HIT_PRIORITY,
"match": match_args,
"action": actions,
"mod_type": "insert",
"cookie": (policy["cookie"], 2**16 - 1)
}
rules.append(rule)
return rules