def _add_resolved_route(self, vlan, ip_gw, ip_dst, eth_dst, is_updated=None):
    """Return the FIB flow messages for route ip_dst via resolved gateway ip_gw.

    is_updated selects what is emitted:
      * None  -- no flow messages at all.
      * True  -- the existing flow for the route is deleted, then re-added.
      * False -- the flow is only added.

    The added flow applies set_eth_src(self.faucet_mac), set_eth_dst(eth_dst)
    and dec_ip_ttl(), then continues at self.eth_dst_table.

    Whatever is_updated is, the VLAN's neighbor cache entry for ip_gw is
    overwritten with eth_dst and the current time.

    NOTE(review): eth_dst is cached and programmed exactly as passed in; this
    function does no validation of the gateway-to-MAC binding. Presumably the
    caller has already decided the resolution is trustworthy -- confirm.
    """
    route_msgs = []
    if is_updated is not None:
        route_match = self.valve_in_match(
            self.fib_table, vlan=vlan,
            eth_type=self._eth_type(), nw_dst=ip_dst)
        # Priority grows with the prefix length of the destination network.
        route_priority = (
            self.route_priority + ipaddr.IPNetwork(ip_dst).prefixlen)
        if is_updated:
            self.logger.info(
                'Updating next hop for route %s via %s (%s)',
                ip_dst, ip_gw, eth_dst)
            # Remove the flow that still points at the previous next hop.
            stale_flows = self.valve_flowdel(
                self.fib_table, route_match, priority=route_priority)
            route_msgs.extend(stale_flows)
        else:
            self.logger.info(
                'Adding new route %s via %s (%s)',
                ip_dst, ip_gw, eth_dst)
        rewrite_headers = valve_of.apply_actions([
            valve_of.set_eth_src(self.faucet_mac),
            valve_of.set_eth_dst(eth_dst),
            valve_of.dec_ip_ttl()])
        route_msgs.append(self.valve_flowmod(
            self.fib_table,
            route_match,
            priority=route_priority,
            inst=[rewrite_headers, valve_of.goto_table(self.eth_dst_table)]))
    # The right-hand side is evaluated first, so the timestamp is taken
    # before the cache lookup, as in a step-by-step version.
    self._vlan_neighbor_cache(vlan)[ip_gw] = LinkNeighbor(eth_dst, time.time())
    return route_msgs
def build_output_actions(output_dict):
    """Translate an ACL 'output' configuration into actions and group messages.

    Recognised keys of output_dict:
      * 'dl_dst'   -- rewrite the Ethernet destination.
      * VLAN keys  -- whatever rewrite_vlan() understands.
      * 'port'     -- output to this port.
      * 'failover' -- dict with 'group_id' and 'ports'; a group is (re)created
                      with one bucket per port, each watching that port.

    Returns a tuple (output_port, output_actions, ofmsgs); output_port is None
    when no 'port' key is present, and ofmsgs holds the group delete/add
    messages for a failover group (empty otherwise).

    NOTE(review): the values are taken from the configuration as-is; port
    numbers and the group id are not range-checked here. 'failover' without
    'group_id' or 'ports' raises KeyError.
    """
    actions = []
    group_msgs = []

    # Destination MAC rewrite comes first, then any VLAN header rewrites.
    if 'dl_dst' in output_dict:
        actions.append(valve_of.set_eth_dst(output_dict['dl_dst']))
    actions.extend(rewrite_vlan(output_dict) or [])

    out_port = None
    if 'port' in output_dict:
        out_port = output_dict['port']
        actions.append(valve_of.output_port(out_port))

    if 'failover' in output_dict:
        failover_conf = output_dict['failover']
        failover_group = failover_conf['group_id']
        failover_buckets = [
            valve_of.bucket(
                watch_port=member, actions=[valve_of.output_port(member)])
            for member in failover_conf['ports']]
        # Delete before add, so an existing group with this id is replaced.
        group_msgs.append(valve_of.groupdel(group_id=failover_group))
        group_msgs.append(valve_of.groupadd_ff(
            group_id=failover_group, buckets=failover_buckets))
        actions.append(valve_of.group_act(group_id=failover_group))

    return (out_port, actions, group_msgs)
def _add_resolved_route(self, vlan, ip_gw, ip_dst, eth_dst, is_updated=None):
    """Return the FIB flow messages for route ip_dst via resolved gateway ip_gw.

    is_updated selects what is emitted:
      * None  -- nothing; an empty list is returned.
      * True  -- the existing flow for the route is deleted, then re-added.
      * False -- the flow is only added.

    With self.use_group_table set, the flow hands the packet to the group
    registered for ip_gw in self.ip_gw_to_group_id (KeyError if the gateway
    has no group). Otherwise the flow itself applies
    set_eth_src(self.faucet_mac), set_eth_dst(eth_dst) and dec_ip_ttl(), and
    continues at self.eth_dst_table.

    NOTE(review): eth_dst is programmed exactly as passed in; no validation of
    the gateway-to-MAC binding happens here -- confirm the caller does it.
    """
    if is_updated is None:
        return []

    route_msgs = []
    route_match = self.valve_in_match(
        self.fib_table, vlan=vlan,
        eth_type=self._eth_type(), nw_dst=ip_dst)
    # Priority grows with the prefix length of the destination network.
    route_priority = self.route_priority + ipaddr.IPNetwork(ip_dst).prefixlen

    if is_updated:
        self.logger.info(
            'Updating next hop for route %s via %s (%s)',
            ip_dst, ip_gw, eth_dst)
        # Remove the flow that still points at the previous next hop.
        route_msgs.extend(self.valve_flowdel(
            self.fib_table, route_match, priority=route_priority))
    else:
        self.logger.info(
            'Adding new route %s via %s (%s)',
            ip_dst, ip_gw, eth_dst)

    if self.use_group_table:
        gateway_group = valve_of.group_act(
            group_id=self.ip_gw_to_group_id[ip_gw])
        instructions = [valve_of.apply_actions([gateway_group])]
    else:
        header_rewrites = [
            valve_of.set_eth_src(self.faucet_mac),
            valve_of.set_eth_dst(eth_dst),
            valve_of.dec_ip_ttl()]
        instructions = [
            valve_of.apply_actions(header_rewrites),
            valve_of.goto_table(self.eth_dst_table)]

    route_msgs.append(self.valve_flowmod(
        self.fib_table, route_match,
        priority=route_priority, inst=instructions))
    return route_msgs
def _nexthop_actions(self, eth_dst, vlan):
    """Return the actions that forward a routed packet to its next hop.

    When self.routers is truthy the list starts with set_vlan_vid(vlan.vid);
    it always ends with set_eth_src(self.faucet_mac), set_eth_dst(eth_dst)
    and dec_ip_ttl(), in that order.
    """
    # The VLAN rewrite is only emitted when routers are configured.
    vlan_rewrite = [valve_of.set_vlan_vid(vlan.vid)] if self.routers else []
    return vlan_rewrite + [
        valve_of.set_eth_src(self.faucet_mac),
        valve_of.set_eth_dst(eth_dst),
        valve_of.dec_ip_ttl(),
    ]
def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
    """Build the (match, instructions) pair for one ACL rule.

    Every key of rule_conf other than 'actions' becomes a match field, except
    keys wrapped in underscores (e.g. '_name_') and 'in_port', which are
    skipped. The match's in_port comes only from port_num, never from the
    rule itself.

    Handling of rule_conf['actions']:
      * 'allow'  -- acl_allow_inst is appended only when the value == 1.
      * 'mirror' -- output to the mirror port; if 'allow' was not given at
                    all, mirroring implies allow.
      * 'output' -- optional dl_dst / VLAN rewrites and an optional port.
                    When a port is given, the allow instruction is NOT
                    appended for this rule, even with allow: 1.
    With neither 'allow' nor 'mirror' present, no allow instruction is added.

    Returns (acl_match, acl_inst).
    """
    instructions = []
    match_fields = {}
    for key, value in list(rule_conf.items()):
        is_internal = key.startswith('_') and key.endswith('_')
        if is_internal or key == 'in_port':
            continue
        if key != 'actions':
            match_fields[key] = value
            continue

        explicit_allow = 'allow' in value
        allow = explicit_allow and value['allow'] == 1

        if 'mirror' in value:
            mirror_port = value['mirror']
            instructions.append(
                valve_of.apply_actions([valve_of.output_port(mirror_port)]))
            # Mirroring without an explicit allow/deny defaults to allow.
            if not explicit_allow:
                allow = True

        if 'output' in value:
            output_conf = value['output']
            out_port = output_conf['port'] if 'port' in output_conf else None
            rewrites = []
            # Destination MAC rewrite first, then VLAN header rewrites.
            if 'dl_dst' in output_conf:
                rewrites.append(valve_of.set_eth_dst(output_conf['dl_dst']))
            rewrites.extend(rewrite_vlan(output_conf) or [])
            if out_port is not None:
                rewrites.append(valve_of.output_port(out_port))
            instructions.append(valve_of.apply_actions(rewrites))
            # An explicit output port ends handling of this rule's actions:
            # the allow instruction below is skipped.
            if out_port is not None:
                continue

        if allow:
            instructions.append(acl_allow_inst)

    if port_num is not None:
        match_fields['in_port'] = port_num
    if vlan_vid is not None:
        match_fields['vlan_vid'] = valve_of.vid_present(vlan_vid)
    return valve_of.match_from_dict(match_fields), instructions
def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
    """Build the (match, instructions) pair for one ACL rule.

    Every key of rule_conf other than 'actions' and 'in_port' becomes a match
    field. The match's in_port comes only from port_num, never from the rule.

    Handling of rule_conf['actions']:
      * 'allow'  -- acl_allow_inst is appended only when the value == 1.
      * 'mirror' -- output to the mirror port; if 'allow' was not given at
                    all, mirroring implies allow.
      * 'output' -- optional dl_dst rewrite and VLAN push, then output to
                    output['port']. The allow instruction is NOT appended for
                    such a rule, even with allow: 1.
    With neither 'allow' nor 'mirror' present, no allow instruction is added.

    Raises KeyError when an 'output' block has no 'port'.

    Returns (acl_match, acl_inst).
    """
    instructions = []
    match_fields = {}
    for key, value in rule_conf.items():
        if key == 'in_port':
            continue
        if key != 'actions':
            match_fields[key] = value
            continue

        explicit_allow = 'allow' in value
        allow = explicit_allow and value['allow'] == 1

        if 'mirror' in value:
            mirror_port = value['mirror']
            instructions.append(
                valve_of.apply_actions([valve_of.output_port(mirror_port)]))
            # Mirroring without an explicit allow/deny defaults to allow.
            if not explicit_allow:
                allow = True

        if 'output' not in value:
            if allow:
                instructions.append(acl_allow_inst)
            continue

        # Output selected: send the packet out now; the allow instruction is
        # never appended on this path.
        output_conf = value['output']
        rewrites = []
        if 'dl_dst' in output_conf:
            rewrites.append(valve_of.set_eth_dst(output_conf['dl_dst']))
        if 'vlan_vid' in output_conf:
            rewrites.extend(valve_of.push_vlan_act(output_conf['vlan_vid']))
        # 'port' is mandatory in an output block (KeyError otherwise).
        rewrites.append(valve_of.output_port(output_conf['port']))
        instructions.append(valve_of.apply_actions(rewrites))

    if port_num is not None:
        match_fields['in_port'] = port_num
    if vlan_vid is not None:
        match_fields['vlan_vid'] = valve_of.vid_present(vlan_vid)
    return valve_of.match_from_dict(match_fields), instructions
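def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
    """Build the (match, instructions) pair for one ACL rule.

    Every key of rule_conf other than 'actions' and 'in_port' becomes a match
    field. The match's in_port comes only from port_num, never from the rule.

    Handling of rule_conf['actions']:
      * 'allow'  -- acl_allow_inst is appended only when the value == 1.
      * 'mirror' -- output to the mirror port; if 'allow' was not given at
                    all, mirroring implies allow.
      * 'output' -- optional dl_dst rewrite and VLAN push, then output to
                    output['port']. The allow instruction is NOT appended for
                    such a rule, even with allow: 1.
    With neither 'allow' nor 'mirror' present, no allow instruction is added.

    Raises KeyError when an 'output' block has no 'port'.

    Returns (acl_match, acl_inst).
    """
    acl_inst = []
    match_dict = {}
    # items() rather than the Python-2-only iteritems(), so the function also
    # runs on Python 3; the loop never mutates rule_conf.
    for attrib, attrib_value in rule_conf.items():
        if attrib == 'in_port':
            continue
        if attrib != 'actions':
            match_dict[attrib] = attrib_value
            continue

        allow_specified = 'allow' in attrib_value
        allow = allow_specified and attrib_value['allow'] == 1

        if 'mirror' in attrib_value:
            port_no = attrib_value['mirror']
            acl_inst.append(
                valve_of.apply_actions([valve_of.output_port(port_no)]))
            # Mirroring without an explicit allow/deny defaults to allow.
            if not allow_specified:
                allow = True

        # If output is selected, output the packet now and exit the pipeline.
        if 'output' in attrib_value:
            output_dict = attrib_value['output']
            output_actions = []
            # If destination rewriting is selected, rewrite it.
            if 'dl_dst' in output_dict:
                output_actions.append(
                    valve_of.set_eth_dst(output_dict['dl_dst']))
            # If a VLAN tag is specified, push it.
            if 'vlan_vid' in output_dict:
                output_actions.extend(
                    valve_of.push_vlan_act(output_dict['vlan_vid']))
            # Output to the port; 'port' is mandatory (KeyError otherwise).
            output_actions.append(valve_of.output_port(output_dict['port']))
            acl_inst.append(valve_of.apply_actions(output_actions))
            continue

        if allow:
            acl_inst.append(acl_allow_inst)

    if port_num is not None:
        match_dict['in_port'] = port_num
    if vlan_vid is not None:
        match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
    acl_match = valve_of.match_from_dict(match_dict)
    return acl_match, acl_inst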
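def _update_nexthop(self, vlan, in_port, eth_src, resolved_ip_gw):
    """Record a resolved gateway and return the flow/group messages it needs.

    The cached next hop for resolved_ip_gw decides what happens:
      * no usable cache entry    -- new next hop (is_updated False); with the
                                    group table in use a group is added and
                                    its id stored in self.ip_gw_to_group_id.
      * cached MAC != eth_src    -- changed next hop (is_updated True); with
                                    the group table in use the existing group
                                    is modified.
      * cached MAC == eth_src    -- nothing to program (is_updated None).

    For a new or changed next hop, every route on the VLAN whose gateway is
    resolved_ip_gw is passed to _add_resolved_route(). The next hop cache is
    refreshed in all three cases.

    NOTE(review): a differing eth_src replaces the programmed next hop for
    every route via this gateway. Nothing in this function checks that
    eth_src/in_port are a legitimate answer for resolved_ip_gw -- presumably
    the caller has validated the neighbor reply; confirm.
    """
    ofmsgs = []
    is_updated = None
    routes = self._vlan_routes(vlan)
    group_mod_method = None
    group_id = None

    nexthop_cache_entry = self._vlan_nexthop_cache_entry(
        vlan, resolved_ip_gw)
    if (nexthop_cache_entry is not None and
            nexthop_cache_entry.eth_src is not None):
        cached_eth_dst = nexthop_cache_entry.eth_src
        if cached_eth_dst != eth_src:
            is_updated = True
            if self.use_group_table:
                group_mod_method = valve_of.groupmod
                group_id = self.ip_gw_to_group_id[resolved_ip_gw]
    else:
        is_updated = False
        if self.use_group_table:
            group_mod_method = valve_of.groupadd
            group_id = self._group_id_from_ip_gw(resolved_ip_gw)
            self.ip_gw_to_group_id[resolved_ip_gw] = group_id

    if is_updated is not None:
        if self.use_group_table:
            actions = [
                valve_of.set_eth_src(self.faucet_mac),
                valve_of.set_eth_dst(eth_src),
                valve_of.dec_ip_ttl()]
            # The VLAN header is popped before output on a port that
            # vlan.port_is_tagged() reports as not tagged.
            if not vlan.port_is_tagged(in_port):
                actions.append(valve_of.pop_vlan())
            actions.append(valve_of.output_port(in_port))
            ofmsgs.append(group_mod_method(
                group_id=group_id,
                buckets=[valve_of.bucket(actions=actions)]))

        # items() rather than the Python-2-only iteritems(), so the method
        # also runs on Python 3.
        for ip_dst, ip_gw in routes.items():
            if ip_gw == resolved_ip_gw:
                ofmsgs.extend(self._add_resolved_route(
                    vlan, ip_gw, ip_dst, eth_src, is_updated))

    self._update_nexthop_cache(vlan, eth_src, resolved_ip_gw)
    return ofmsgs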
def _nexthop_actions(self, eth_dst):
    """Return the actions that forward a routed packet to its next hop.

    The list holds, in order, set_eth_src(self.faucet_mac),
    set_eth_dst(eth_dst) and dec_ip_ttl().
    """
    source_rewrite = valve_of.set_eth_src(self.faucet_mac)
    destination_rewrite = valve_of.set_eth_dst(eth_dst)
    ttl_decrement = valve_of.dec_ip_ttl()
    return [source_rewrite, destination_rewrite, ttl_decrement]
def _nexthop_actions(self, eth_dst):
    """Return the header rewrites applied to a packet sent to a next hop.

    In order: set_eth_src(self.faucet_mac), set_eth_dst(eth_dst) and
    dec_ip_ttl().
    """
    actions = [valve_of.set_eth_src(self.faucet_mac)]
    actions.append(valve_of.set_eth_dst(eth_dst))
    actions.append(valve_of.dec_ip_ttl())
    return actions