コード例 #1
ファイル: policy_mixin.py プロジェクト: vignesh-vr/magma
    def _get_classify_rule_flow_msgs(self, imsi, ip_addr, apn_ambr, flow,
                                     rule_num, priority, qos, hard_timeout,
                                     rule_id, app_name, app_service_type,
                                     next_table, version, qos_mgr):
        """
        Build the flow messages that classify a subscriber's traffic against
        one policy rule and return them as a list; nothing is sent from here.

        The match is derived from flow.match and ip_addr and is tied to the
        subscriber through its imsi field. Actions and instructions come from
        self._get_action_for_rule(). Per the rule description, a DENY flow
        drops the packet, while any other flow classifies the packet with its
        matched rule and injects the rule num into the packet's register.

        When app_name is set, an additional passthrough flow for traffic that
        DPI has not classified yet is emitted first.

        Returns:
            list of flow messages, the passthrough message (if any) first.
        """
        match = flow_match_to_magma_match(flow.match, ip_addr)
        match.imsi = encode_imsi(imsi)
        rule_actions, instructions = self._get_action_for_rule(
            flow, rule_num, imsi, ip_addr, apn_ambr, qos, rule_id, version,
            qos_mgr)

        msgs = []
        if app_name:
            # Traffic must be let through until DPI has classified it, so the
            # first flow matches on the "unclassified" app id.
            # NOTE(review): this passthrough is emitted whatever flow.action
            # is, so for an app-scoped DENY rule the not-yet-classified
            # packets are still resubmitted to next_table. How it ranks
            # against `priority` depends on UNCLASSIFIED_ALLOW_PRIORITY,
            # which is not visible here - confirm.
            match.app_id = UNCLASSIFIED_PROTO_ID
            ofp_parser = self._datapath.ofproto_parser
            ignore_stats = ofp_parser.NXActionRegLoad2(dst=SCRATCH_REGS[1],
                                                       value=IGNORE_STATS)
            unclassified_msg = \
                flows.get_add_resubmit_current_service_flow_msg(
                    self._datapath,
                    self.tbl_num,
                    match,
                    rule_actions + [ignore_stats],
                    hard_timeout=hard_timeout,
                    priority=self.UNCLASSIFIED_ALLOW_PRIORITY,
                    cookie=rule_num,
                    resubmit_table=next_table)
            msgs.append(unclassified_msg)
            # From here on the same match object targets the classified app.
            match.app_id = get_app_id(
                PolicyRule.AppName.Name(app_name),
                PolicyRule.AppServiceType.Name(app_service_type),
            )

        # Keyword arguments shared by both rule-flow variants; the cookie
        # carries the rule number.
        shared_kwargs = {
            'hard_timeout': hard_timeout,
            'priority': priority,
            'cookie': rule_num,
        }
        if flow.action == flow.DENY:
            rule_msg = flows.get_add_drop_flow_msg(
                self._datapath, self.tbl_num, match, rule_actions,
                **shared_kwargs)
        else:
            rule_msg = flows.get_add_resubmit_current_service_flow_msg(
                self._datapath, self.tbl_num, match, rule_actions,
                instructions=instructions,
                resubmit_table=next_table,
                **shared_kwargs)
        msgs.append(rule_msg)
        return msgs
コード例 #2
    def _get_classify_rule_flow_msgs(self,
                                     imsi,
                                     msisdn: bytes,
                                     uplink_tunnel: int,
                                     ip_addr,
                                     apn_ambr,
                                     flow,
                                     rule_num,
                                     priority,
                                     qos,
                                     hard_timeout,
                                     rule_id,
                                     app_name,
                                     app_service_type,
                                     next_table,
                                     version,
                                     qos_mgr,
                                     copy_table,
                                     urls: List[str] = None):
        """
        Build the flow messages that classify a subscriber's traffic against
        one policy rule and return them as a list; nothing is sent from here.

        The match is derived from flow.match and ip_addr and is tied to the
        subscriber through its imsi field. Actions and instructions come from
        self._get_action_for_rule(). A DENY flow is not dropped in this
        table: it is marked with DROP_FLOW_STATS and resubmitted to
        copy_table. Any other flow is resubmitted to next_table; per the rule
        description it classifies the packet with its matched rule and
        injects the rule num into the packet's register.

        When app_name is set, an additional passthrough flow for traffic that
        DPI has not classified yet is emitted first. When
        self.proxy_controller is set, the messages it returns from
        get_subscriber_he_flows() are appended last.

        Returns:
            list of flow messages in the order: passthrough (if any), rule
            flow, proxy controller flows (if any).
        """
        ofp_parser = self._datapath.ofproto_parser
        match = flow_match_to_magma_match(flow.match, ip_addr)
        match.imsi = encode_imsi(imsi)
        rule_actions, instructions = self._get_action_for_rule(
            flow, rule_num, imsi, ip_addr, apn_ambr, qos, rule_id, version,
            qos_mgr)

        msgs = []
        if app_name:
            # Traffic must be let through until DPI has classified it, so the
            # first flow matches on the "unclassified" app id.
            # NOTE(review): this passthrough is emitted whatever flow.action
            # is, so for an app-scoped DENY rule the not-yet-classified
            # packets are still resubmitted to next_table. How it ranks
            # against `priority` depends on Utils.UNCLASSIFIED_ALLOW_PRIORITY,
            # which is not visible here - confirm.
            match.app_id = UNCLASSIFIED_PROTO_ID
            ignore_stats = ofp_parser.NXActionRegLoad2(dst=SCRATCH_REGS[1],
                                                       value=IGNORE_STATS)
            unclassified_msg = \
                flows.get_add_resubmit_current_service_flow_msg(
                    self._datapath,
                    self.tbl_num,
                    match,
                    rule_actions + [ignore_stats],
                    hard_timeout=hard_timeout,
                    priority=Utils.UNCLASSIFIED_ALLOW_PRIORITY,
                    cookie=rule_num,
                    copy_table=copy_table,
                    resubmit_table=next_table)
            msgs.append(unclassified_msg)
            # From here on the same match object targets the classified app.
            match.app_id = get_app_id(
                PolicyRule.AppName.Name(app_name),
                PolicyRule.AppServiceType.Name(app_service_type),
            )

        # Keyword arguments shared by both rule-flow variants; the cookie
        # carries the rule number.
        shared_kwargs = {
            'hard_timeout': hard_timeout,
            'priority': priority,
            'cookie': rule_num,
        }
        if flow.action == flow.DENY:
            # A DROP flow is only sent on to the stats table, where it gets
            # dropped. Enforcement of the deny therefore relies on copy_table
            # honouring the DROP_FLOW_STATS mark loaded into SCRATCH_REGS[1].
            drop_mark = ofp_parser.NXActionRegLoad2(dst=SCRATCH_REGS[1],
                                                    value=DROP_FLOW_STATS)
            rule_msg = flows.get_add_resubmit_current_service_flow_msg(
                self._datapath, self.tbl_num, match,
                rule_actions + [drop_mark],
                resubmit_table=copy_table,
                **shared_kwargs)
        else:
            rule_msg = flows.get_add_resubmit_current_service_flow_msg(
                self._datapath, self.tbl_num, match, rule_actions,
                instructions=instructions,
                copy_table=copy_table,
                resubmit_table=next_table,
                **shared_kwargs)
        msgs.append(rule_msg)

        if not self.proxy_controller:
            return msgs

        # NOTE(review): the subscriber identifiers imsi and msisdn are handed
        # to the proxy controller here, presumably for header enrichment
        # ("he") - confirm. The only scoping visible in this method is ip_dst
        # and urls, and urls defaults to None; verify that the callee limits
        # where the identifiers may be sent.
        subscriber_ip = ipv4_address_to_str(ip_addr)
        dst_ip = get_flow_ip_dst(flow.match)
        flow_direction = get_direction_for_match(flow.match)
        msgs.extend(
            self.proxy_controller.get_subscriber_he_flows(
                rule_id, flow_direction, subscriber_ip, uplink_tunnel,
                dst_ip, rule_num, urls, imsi, msisdn))
        return msgs