def build_acl(acl, vid=None):
"""Check that ACL can be built from config and mark mirror destinations."""
if acl.rules:
null_dp = namedtuple('null_dp', 'ofproto')
null_dp.ofproto = valve_of.ofp
try:
ofmsgs = valve_acl.build_acl_ofmsgs(
[acl],
self.wildcard_table,
valve_of.goto_table(self.wildcard_table),
valve_of.goto_table(self.wildcard_table),
2**16 - 1,
self.meters,
acl.exact_match,
vlan_vid=vid)
assert ofmsgs
for ofmsg in ofmsgs:
ofmsg.datapath = null_dp
ofmsg.set_xid(0)
ofmsg.serialize()
except (AddrFormatError, KeyError, ValueError) as err:
raise InvalidConfigError(err)
for port_no in mirror_destinations:
port = self.ports[port_no]
port.output_only = True
def build_acl(acl, vid=None):
"""Check that ACL can be built from config."""
assert valve_acl.build_acl_ofmsgs([acl],
self.wildcard_table,
valve_of.goto_table(
self.wildcard_table),
2**16,
self.meters,
vlan_vid=vid)
def _vlan_add_acl(self, vlan):
ofmsgs = []
if vlan.acl_in:
acl_table = self.dp.tables['vlan_acl']
acl_allow_inst = valve_of.goto_table(self.dp.tables['eth_src'])
ofmsgs = valve_acl.build_acl_ofmsgs(
[vlan.acl_in], acl_table, acl_allow_inst,
self.dp.highest_priority, self.dp.meters,
vlan.acl_in.exact_match, vlan_vid=vlan.vid)
return ofmsgs
def build_acl(acl, vid=None):
"""Check that ACL can be built from config and mark mirror destinations."""
if acl.rules:
try:
assert valve_acl.build_acl_ofmsgs(
[acl], self.wildcard_table,
valve_of.goto_table(self.wildcard_table),
2**16, self.meters, acl.exact_match,
vlan_vid=vid)
except (AddrFormatError, ValueError) as err:
raise InvalidConfigError(err)
for port_no in acl.mirror_destinations:
port = self.ports[port_no]
port.mirror_destination = True
def build(self, meters, vid, port_num):
"""Check that ACL can be built from config."""
class NullRyuDatapath:
"""Placeholder Ryu Datapath."""
ofproto = valve_of.ofp
self.matches = {}
self.set_fields = set()
self.meter = False
if self.rules:
try:
ofmsgs = valve_acl.build_acl_ofmsgs(
[self],
wildcard_table,
valve_of.goto_table(wildcard_table),
valve_of.goto_table(wildcard_table),
2**16 - 1,
meters,
self.exact_match,
vlan_vid=vid,
port_num=port_num)
except (netaddr.core.AddrFormatError, KeyError, ValueError) as err:
raise InvalidConfigError(err)
test_config_condition(not ofmsgs, 'OF messages is empty')
for ofmsg in ofmsgs:
ofmsg.datapath = NullRyuDatapath()
ofmsg.set_xid(0)
try:
ofmsg.serialize()
except (KeyError, ValueError) as err:
raise InvalidConfigError(err)
except Exception as err:
print(ofmsg)
raise err
if valve_of.is_flowmod(ofmsg):
apply_actions = []
for inst in ofmsg.instructions:
if valve_of.is_apply_actions(inst):
apply_actions.extend(inst.actions)
elif valve_of.is_meter(inst):
self.meter = True
for action in apply_actions:
if valve_of.is_set_field(action):
self.set_fields.add(action.key)
for match, value in list(ofmsg.match.items()):
has_mask = isinstance(value, (tuple, list))
if has_mask or match not in self.matches:
self.matches[match] = has_mask
return (self.matches, self.set_fields, self.meter)
def build(self, meters, vid, port_num):
"""Check that ACL can be built from config."""
class NullRyuDatapath:
"""Placeholder Ryu Datapath."""
ofproto = valve_of.ofp
self.matches = {}
self.set_fields = set()
self.meter = False
if self.rules:
try:
ofmsgs = valve_acl.build_acl_ofmsgs(
[self], wildcard_table,
[valve_of.goto_table(wildcard_table)],
[valve_of.goto_table(wildcard_table)],
2**16-1, meters, self.exact_match,
vlan_vid=vid, port_num=port_num)
except (netaddr.core.AddrFormatError, KeyError, ValueError) as err:
raise InvalidConfigError(err)
test_config_condition(not ofmsgs, 'OF messages is empty')
for ofmsg in ofmsgs:
ofmsg.datapath = NullRyuDatapath()
ofmsg.set_xid(0)
try:
ofmsg.serialize()
except (KeyError, ValueError) as err:
raise InvalidConfigError(err)
except Exception as err:
print(ofmsg)
raise err
if valve_of.is_flowmod(ofmsg):
apply_actions = []
for inst in ofmsg.instructions:
if valve_of.is_apply_actions(inst):
apply_actions.extend(inst.actions)
elif valve_of.is_meter(inst):
self.meter = True
for action in apply_actions:
if valve_of.is_set_field(action):
self.set_fields.add(action.key)
for match, value in ofmsg.match.items():
has_mask = isinstance(value, (tuple, list))
if has_mask or match not in self.matches:
self.matches[match] = has_mask
return (self.matches, self.set_fields, self.meter)
def build_acl(acl, vid):
"""Check that ACL can be built from config and mark mirror destinations."""
matches = {}
set_fields = set()
meter = False
if acl.rules:
try:
ofmsgs = valve_acl.build_acl_ofmsgs(
[acl],
self.wildcard_table,
valve_of.goto_table(self.wildcard_table),
valve_of.goto_table(self.wildcard_table),
2**16 - 1,
self.meters,
acl.exact_match,
vlan_vid=vid)
except (netaddr.core.AddrFormatError, KeyError,
ValueError) as err:
raise InvalidConfigError(err)
test_config_condition(not ofmsgs, 'OF messages is empty')
for ofmsg in ofmsgs:
ofmsg.datapath = NullRyuDatapath()
ofmsg.set_xid(0)
try:
ofmsg.serialize()
except (KeyError, ValueError) as err:
raise InvalidConfigError(err)
if valve_of.is_flowmod(ofmsg):
apply_actions = []
for inst in ofmsg.instructions:
if valve_of.is_apply_actions(inst):
apply_actions.extend(inst.actions)
elif valve_of.is_meter(inst):
meter = True
for action in apply_actions:
if valve_of.is_set_field(action):
set_fields.add(action.key)
for match, value in list(ofmsg.match.items()):
has_mask = isinstance(value, (tuple, list))
if has_mask or match not in matches:
matches[match] = has_mask
for port_no in mirror_destinations:
port = self.ports[port_no]
port.output_only = True
return (matches, set_fields, meter)
def _port_add_acl(self, port, cold_start=False):
ofmsgs = []
acl_table = self.dp.tables['port_acl']
in_port_match = acl_table.match(in_port=port.number)
if cold_start:
ofmsgs.extend(acl_table.flowdel(in_port_match))
acl_allow_inst = valve_of.goto_table(self.dp.tables['vlan'])
if port.acl_in:
ofmsgs.extend(valve_acl.build_acl_ofmsgs(
[port.acl_in], acl_table, acl_allow_inst,
self.dp.highest_priority, self.dp.meters,
port.acl_in.exact_match, port_num=port.number))
else:
ofmsgs.append(acl_table.flowmod(
in_port_match,
priority=self.dp.highest_priority,
inst=[acl_allow_inst]))
return ofmsgs
def build_acl(acl, vid=None):
"""Check that ACL can be built from config and mark mirror destinations."""
if acl.rules:
try:
ofmsgs = valve_acl.build_acl_ofmsgs(
[acl],
self.wildcard_table,
valve_of.goto_table(self.wildcard_table),
valve_of.goto_table(self.wildcard_table),
2**16 - 1,
self.meters,
acl.exact_match,
vlan_vid=vid)
test_config_condition(not ofmsgs,
'of messages is empty')
for ofmsg in ofmsgs:
ofmsg.datapath = NullRyuDatapath()
ofmsg.set_xid(0)
ofmsg.serialize()
except (AddrFormatError, KeyError, ValueError) as err:
raise InvalidConfigError(err)
for port_no in mirror_destinations:
port = self.ports[port_no]
port.output_only = True
def build(self, meters, vid, port_num):
"""Check that ACL can be built from config."""
self.matches = {}
self.set_fields = set()
self.meter = False
if self.rules:
try:
ofmsgs = valve_acl.build_acl_ofmsgs(
[self], wildcard_table,
[valve_of.goto_table(wildcard_table)],
[valve_of.goto_table(wildcard_table)],
2**16-1, meters, self.exact_match,
vlan_vid=vid, port_num=port_num)
except (netaddr.core.AddrFormatError, KeyError, ValueError) as err:
raise InvalidConfigError from err
test_config_condition(not ofmsgs, 'OF messages is empty')
for ofmsg in ofmsgs:
try:
valve_of.verify_flowmod(ofmsg)
except (KeyError, ValueError) as err:
raise InvalidConfigError from err
except Exception as err:
raise err
if valve_of.is_flowmod(ofmsg):
apply_actions = []
for inst in ofmsg.instructions:
if valve_of.is_apply_actions(inst):
apply_actions.extend(inst.actions)
elif valve_of.is_meter(inst):
self.meter = True
for action in apply_actions:
if valve_of.is_set_field(action):
self.set_fields.add(action.key)
for match, value in ofmsg.match.items():
has_mask = isinstance(value, (tuple, list))
if has_mask or match not in self.matches:
self.matches[match] = has_mask
for tunnel_rules in self.tunnel_dests.values():
if 'exit_instructions' in tunnel_rules:
exit_inst = tunnel_rules['exit_instructions']
try:
ofmsgs = valve_acl.build_tunnel_ofmsgs(
exit_inst, wildcard_table, 1)
except (netaddr.core.AddrFormatError, KeyError, ValueError) as err:
raise InvalidConfigError from err
test_config_condition(not ofmsgs, 'OF messages is empty')
for ofmsg in ofmsgs:
try:
valve_of.verify_flowmod(ofmsg)
except (KeyError, ValueError) as err:
raise InvalidConfigError from err
except Exception as err:
raise err
if valve_of.is_flowmod(ofmsg):
apply_actions = []
for inst in ofmsg.instructions:
if valve_of.is_apply_actions(inst):
apply_actions.extend(inst.actions)
elif valve_of.is_meter(inst):
self.meter = True
for action in apply_actions:
if valve_of.is_set_field(action):
self.set_fields.add(action.key)
for match, value in ofmsg.match.items():
has_mask = isinstance(value, (tuple, list))
if has_mask or match not in self.matches:
self.matches[match] = has_mask
return (self.matches, self.set_fields, self.meter)
