def process_policy_changes(self, change_info): "Process the changes in participants' policies" # TODO: Implement the logic of dynamically changing participants' outbound and inbound policy ''' change_info = { 'removal_cookies' : [cookie1, ...], # Cookies of deleted policies 'new_policies' : { <policy file format> } } ''' # remove flow rules for the old policies removal_msgs = [] ''' for cookie in change_info['removal_cookies']: mod = {"rule_type":"outbound", "priority":0, "match":match_args , "action":{}, "cookie":cookie, "mod_type":"remove"} removal_msgs.append(mod) ''' self.dp_queued.extend(removal_msgs) # add flow rules for the new policies if self.cfg.isSupersetsMode(): dp_msgs = ss_process_policy_change(self.supersets, add_policies, remove_policies, policies, self.port_count, self.port0_mac) else: dp_msgs = [] self.dp_queued.extend(dp_msgs) self.push_dp() return 0
def process_policy_changes(self, change_info): if not self.cfg.isSupersetsMode(): self.logger.warn( 'Dynamic policy updates only supported in SuperSet mode') return # First step towards a less brute force approach: Handle removals without having to remove everything if 'removal_cookies' in change_info: cookies = change_info['removal_cookies'] removed_in_cookies = self.remove_policies_by_cookies( cookies, 'inbound') self.queue_flow_removals(removed_in_cookies, 'inbound') removed_out_cookies = self.remove_policies_by_cookies( cookies, 'outbound') self.queue_flow_removals(removed_out_cookies, 'outbound') if not 'new_policies' in change_info: self.push_dp() return # Remainder of this method is brute force approach: wipe everything and re-do it # This should be replaced by a more fine grained approach self.logger.debug("Wiping outbound rules.") wipe_msgs = msg_clear_all_outbound(self.policies, self.port0_mac) self.dp_queued.extend(wipe_msgs) self.logger.debug("pre-updated policies: " + json.dumps(self.policies)) if 'removal_cookies' in change_info: cookies = change_info['removal_cookies'] self.remove_policies_by_cookies(cookies, 'inbound') self.remove_policies_by_cookies(cookies, 'outbound') if 'new_policies' in change_info: new_policies = change_info['new_policies'] self.sanitize_policies(new_policies) self.update_policies(new_policies, 'inbound') self.update_policies(new_policies, 'outbound') self.logger.debug("updated policies: " + json.dumps(self.policies)) self.logger.debug("pre-recomputed supersets: " + json.dumps(self.supersets.supersets)) self.initialize_dataplane() self.push_dp() # Send gratuitous ARP responses for all garp_required_vnhs = self.VNH_2_prefix.keys() for vnh in garp_required_vnhs: self.process_arp_request(None, vnh) return # Original code below... "Process the changes in participants' policies" # TODO: Implement the logic of dynamically changing participants' outbound and inbound policy ''' change_info = { 'removal_cookies' : [cookie1, ...], # Cookies of deleted policies 'new_policies' : { <policy file format> } } ''' # remove flow rules for the old policies removal_msgs = [] ''' for cookie in change_info['removal_cookies']: mod = {"rule_type":"outbound", "priority":0, "match":match_args , "action":{}, "cookie":cookie, "mod_type":"remove"} removal_msgs.append(mod) ''' self.dp_queued.extend(removal_msgs) # add flow rules for the new policies if self.cfg.isSupersetsMode(): dp_msgs = ss_process_policy_change(self.supersets, add_policies, remove_policies, policies, self.port_count, self.port0_mac) else: dp_msgs = [] self.dp_queued.extend(dp_msgs) self.push_dp() return 0
def process_policy_changes(self, change_info): if not self.cfg.isSupersetsMode(): self.logger.warn('Dynamic policy updates only supported in SuperSet mode') return # First step towards a less brute force approach: Handle removals without having to remove everything if 'removal_cookies' in change_info: cookies = change_info['removal_cookies'] removed_in_cookies = self.remove_policies_by_cookies(cookies, 'inbound') self.queue_flow_removals(removed_in_cookies, 'inbound') removed_out_cookies = self.remove_policies_by_cookies(cookies, 'outbound') self.queue_flow_removals(removed_out_cookies, 'outbound') if not 'new_policies' in change_info: self.push_dp() return # Remainder of this method is brute force approach: wipe everything and re-do it # This should be replaced by a more fine grained approach self.logger.debug("Wiping outbound rules.") wipe_msgs = msg_clear_all_outbound(self.policies, self.port0_mac) self.dp_queued.extend(wipe_msgs) self.logger.debug("pre-updated policies: " + json.dumps(self.policies)) if 'removal_cookies' in change_info: cookies = change_info['removal_cookies'] self.remove_policies_by_cookies(cookies, 'inbound') self.remove_policies_by_cookies(cookies, 'outbound') if 'new_policies' in change_info: new_policies = change_info['new_policies'] self.sanitize_policies(new_policies) self.update_policies(new_policies, 'inbound') self.update_policies(new_policies, 'outbound') self.logger.debug("updated policies: " + json.dumps(self.policies)) self.logger.debug("pre-recomputed supersets: " + json.dumps(self.supersets.supersets)) self.initialize_dataplane() self.push_dp() # Send gratuitous ARP responses for all garp_required_vnhs = self.VNH_2_prefix.keys() for vnh in garp_required_vnhs: self.process_arp_request(None, vnh) return # Original code below... "Process the changes in participants' policies" # TODO: Implement the logic of dynamically changing participants' outbound and inbound policy ''' change_info = { 'removal_cookies' : [cookie1, ...], # Cookies of deleted policies 'new_policies' : { <policy file format> } } ''' # remove flow rules for the old policies removal_msgs = [] ''' for cookie in change_info['removal_cookies']: mod = {"rule_type":"outbound", "priority":0, "match":match_args , "action":{}, "cookie":cookie, "mod_type":"remove"} removal_msgs.append(mod) ''' self.dp_queued.extend(removal_msgs) # add flow rules for the new policies if self.cfg.isSupersetsMode(): dp_msgs = ss_process_policy_change(self.supersets, add_policies, remove_policies, policies, self.port_count, self.port0_mac) else: dp_msgs = [] self.dp_queued.extend(dp_msgs) self.push_dp() return 0