def _ng_qer_update(
self, request: SessionSet, pdr_entry: PDRRuleEntry,
) -> Tuple[List[RuleModResult], List[RuleModResult]]:
enforcement_res = []
failed_policy_rules_results = []
session_version = request.session_version
local_f_teid_ng = request.local_f_teid
# PDR is deleted with ActiveRules or DelActive rules recieved
if pdr_entry.pdr_state == PdrState.Value('REMOVE'):
qos_enforce_rule = pdr_entry.del_qos_enforce_rule
if qos_enforce_rule.ip_addr:
ipv4 = convert_ipv4_str_to_ip_proto(qos_enforce_rule.ip_addr)
self._ng_deactivate_qer_flows(
ipv4, local_f_teid_ng,
qos_enforce_rule, session_version,
)
if qos_enforce_rule.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(qos_enforce_rule.ipv6_addr)
self._ng_deactivate_qer_flows(
ipv6, local_f_teid_ng,
qos_enforce_rule, session_version,
)
elif pdr_entry.pdr_state == PdrState.Value('IDLE'):
qos_enforce_rule = pdr_entry.add_qos_enforce_rule
if qos_enforce_rule.ip_addr:
ipv4 = convert_ipv4_str_to_ip_proto(qos_enforce_rule.ip_addr)
self._ng_inactivate_qer_flows(ipv4, qos_enforce_rule, session_version)
if qos_enforce_rule.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(qos_enforce_rule.ipv6_addr)
self._ng_inactivate_qer_flows(ipv6, qos_enforce_rule, session_version)
# Install PDR rules
elif pdr_entry.pdr_state == PdrState.Value('INSTALL'):
qos_enforce_rule = pdr_entry.add_qos_enforce_rule
if qos_enforce_rule.ip_addr:
ipv4 = convert_ipv4_str_to_ip_proto(qos_enforce_rule.ip_addr)
enforcement_res = \
self._ng_activate_qer_flow(
ipv4, local_f_teid_ng,
qos_enforce_rule, session_version,
)
failed_policy_rules_results = \
_retrieve_failed_results(enforcement_res)
if qos_enforce_rule.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(qos_enforce_rule.ipv6_addr)
enforcement_res = \
self._ng_activate_qer_flow(
ipv6, local_f_teid_ng,
qos_enforce_rule, session_version,
)
failed_policy_rules_results = \
_retrieve_failed_results(enforcement_res)
return failed_policy_rules_results
def _activate_flows(
self, request: ActivateFlowsRequest,
fut: 'Future[ActivateFlowsResult]',
) -> None:
"""
Activate flows for ipv4 / ipv6 or both
CWF won't have an ip_addr passed
"""
ret = ActivateFlowsResult()
if self._service_config['setup_type'] == 'CWF' or request.ip_addr:
ipv4 = convert_ipv4_str_to_ip_proto(request.ip_addr)
if request.request_origin.type == RequestOriginType.GX:
self._update_version(request, ipv4)
ret_ipv4 = self._install_flows_gx(request, ipv4)
else:
ret_ipv4 = self._install_flows_gy(request, ipv4)
ret.policy_results.extend(ret_ipv4.policy_results)
if request.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(request.ipv6_addr)
self._update_ipv6_prefix_store(request.ipv6_addr)
if request.request_origin.type == RequestOriginType.GX:
self._update_version(request, ipv6)
ret_ipv6 = self._install_flows_gx(request, ipv6)
else:
ret_ipv6 = self._install_flows_gy(request, ipv6)
ret.policy_results.extend(ret_ipv6.policy_results)
fut.set_result(ret)
def _activate_flows(self, request: ActivateFlowsRequest,
fut: 'Future[ActivateFlowsResult]') -> None:
"""
Activate flows for ipv4 / ipv6 or both
CWF won't have an ip_addr passed
"""
ret = ActivateFlowsResult()
if self._service_config['setup_type'] == 'CWF' or request.ip_addr:
ipv4 = convert_ipv4_str_to_ip_proto(request.ip_addr)
if request.request_origin.type == RequestOriginType.GX:
ret_ipv4 = self._install_flows_gx(request, ipv4)
else:
ret_ipv4 = self._install_flows_gy(request, ipv4)
ret.static_rule_results.extend(ret_ipv4.static_rule_results)
ret.dynamic_rule_results.extend(ret_ipv4.dynamic_rule_results)
if request.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(request.ipv6_addr)
self._update_ipv6_prefix_store(request.ipv6_addr)
if request.request_origin.type == RequestOriginType.GX:
ret_ipv6 = self._install_flows_gx(request, ipv6)
else:
ret_ipv6 = self._install_flows_gy(request, ipv6)
ret.static_rule_results.extend(ret_ipv6.static_rule_results)
ret.dynamic_rule_results.extend(ret_ipv6.dynamic_rule_results)
if request.uplink_tunnel and request.downlink_tunnel:
self._update_tunnel_map_store(request.uplink_tunnel,
request.downlink_tunnel)
fut.set_result(ret)
def _get_ue_specific_flow_msgs(self, requests: List[ActivateFlowsRequest]):
msg_list = []
for add_flow_req in requests:
imsi = add_flow_req.sid.id
apn_ambr = add_flow_req.apn_ambr
policies = add_flow_req.policies
msisdn = add_flow_req.msisdn
uplink_tunnel = add_flow_req.uplink_tunnel
if self._setup_type == 'CWF' or add_flow_req.ip_addr:
ipv4 = convert_ipv4_str_to_ip_proto(add_flow_req.ip_addr)
msgs = self._get_default_flow_msgs_for_subscriber(imsi, ipv4)
if msgs:
msg_list.extend(msgs)
for policy in policies:
msg_list.extend(self._get_policy_flows(imsi, msisdn, uplink_tunnel, ipv4, apn_ambr, policy))
if add_flow_req.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(add_flow_req.ipv6_addr)
msgs = self._get_default_flow_msgs_for_subscriber(imsi, ipv6)
if msgs:
msg_list.extend(msgs)
for policy in policies:
msg_list.extend(self._get_policy_flows(imsi, msisdn, uplink_tunnel, ipv6, apn_ambr, policy))
return {self.tbl_num: msg_list}
def test_subscriber_ipv6_policy(self):
"""
Add policy to subscriber, send 4096 packets
Assert:
Packets are properly matched with the 'simple_match' policy
Send /20 (4096) packets, match /16 (256) packets
"""
fake_controller_setup(self.enforcement_controller)
imsi = 'IMSI010000000088888'
sub_ip = 'de34:431d:1bc::'
flow_list1 = [
FlowDescription(
match=FlowMatch(
ip_dst=convert_ipv6_bytes_to_ip_proto(
'f333:432::dbca'.encode('utf-8'), ),
direction=FlowMatch.UPLINK,
),
action=FlowDescription.PERMIT,
),
]
policies = [
VersionedPolicy(
rule=PolicyRule(id='simple_match',
priority=2,
flow_list=flow_list1),
version=1,
),
]
# ============================ Subscriber ============================
sub_context = RyuDirectSubscriberContext(
imsi,
sub_ip,
self.enforcement_controller,
self._tbl_num,
).add_policy(policies[0])
isolator = RyuDirectTableIsolator(
RyuForwardFlowArgsBuilder.from_subscriber(
sub_context.cfg).build_requests(),
self.testing_controller,
)
pkt_sender = ScapyPacketInjector(self.IFACE)
packet = IPv6PacketBuilder() \
.set_ip_layer('f333:432::dbca', sub_ip) \
.set_ether_layer(self.MAC_DEST, "00:00:00:00:00:00") \
.build()
# =========================== Verification ===========================
snapshot_verifier = SnapshotVerifier(
self,
self.BRIDGE,
self.service_manager,
)
with isolator, sub_context, snapshot_verifier:
pkt_sender.send(packet)
def test_ipv6_rule_install(self):
"""
Adds a ipv6 policy to a subscriber. Verifies that flows are properly
installed in enforcement and enforcement stats.
Assert:
Policy classification flows installed in enforcement
Policy match flows installed in enforcement_stats
"""
fake_controller_setup(
self.enforcement_controller,
self.enforcement_stats_controller,
)
imsi = 'IMSI001010000000013'
sub_ip = 'de34:431d:1bc::'
flow_list = [
FlowDescription(
match=FlowMatch(
ip_dst=convert_ipv6_bytes_to_ip_proto(
'f333:432::dbca'.encode('utf-8'), ),
direction=FlowMatch.UPLINK,
),
action=FlowDescription.PERMIT,
),
]
policy = VersionedPolicy(
rule=PolicyRule(id='rule1', priority=3, flow_list=flow_list),
version=1,
)
self.service_manager.session_rule_version_mapper.save_version(
imsi,
convert_ipv4_str_to_ip_proto(sub_ip),
'rule1',
1,
)
""" Setup subscriber, setup table_isolation to fwd pkts """
sub_context = RyuDirectSubscriberContext(
imsi,
sub_ip,
self.enforcement_controller,
self._main_tbl_num,
self.enforcement_stats_controller,
).add_policy(policy)
# =========================== Verification ===========================
snapshot_verifier = SnapshotVerifier(
self,
self.BRIDGE,
self.service_manager,
)
with sub_context, snapshot_verifier:
pass
def _deactivate_flows(self, request):
"""
Deactivate flows for ipv4 / ipv6 or both
CWF won't have an ip_addr passed
"""
if self._service_config['setup_type'] == 'CWF' or request.ip_addr:
ipv4 = convert_ipv4_str_to_ip_proto(request.ip_addr)
if self._should_remove_from_gx(request):
self._deactivate_flows_gx(request, ipv4)
if self._should_remove_from_gy(request):
self._deactivate_flows_gy(request, ipv4)
if request.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(request.ipv6_addr)
self._update_ipv6_prefix_store(request.ipv6_addr)
if self._should_remove_from_gx(request):
self._deactivate_flows_gx(request, ipv6)
if self._should_remove_from_gy(request):
self._deactivate_flows_gy(request, ipv6)
def test_enforcement_ipv6_restart(self):
"""
Adds rules using the setup feature
1) Empty SetupFlowsRequest
- assert default flows
2) Add imsi with ipv6 policy
- assert everything is properly added
"""
fake_controller_setup(
enf_controller=self.enforcement_controller,
enf_stats_controller=self.enforcement_stats_controller,
startup_flow_controller=self.startup_flows_contoller,
)
snapshot_verifier = SnapshotVerifier(
self,
self.BRIDGE,
self.service_manager,
'default_flows',
)
with snapshot_verifier:
pass
imsi = 'IMSI010000002388888'
sub_ip = b'fe80:24c3:d0ff:fef3:9d21:4407:d337:1928'
flow_list = [
FlowDescription(
match=FlowMatch(
ip_dst=convert_ipv6_bytes_to_ip_proto(b'fe80::'),
direction=FlowMatch.UPLINK,
),
action=FlowDescription.PERMIT,
),
]
policies = [
VersionedPolicy(
rule=PolicyRule(id='ipv6_rule',
priority=2,
flow_list=flow_list),
version=1,
),
]
enf_stat_name = [imsi + '|ipv6_rule' + '|' + str(sub_ip) + "|" + "1"]
setup_flows_request = SetupFlowsRequest(
requests=[
ActivateFlowsRequest(
sid=SIDUtils.to_pb(imsi),
ipv6_addr=sub_ip,
policies=policies,
),
],
epoch=global_epoch,
)
fake_controller_setup(
enf_controller=self.enforcement_controller,
enf_stats_controller=self.enforcement_stats_controller,
startup_flow_controller=self.startup_flows_contoller,
setup_flows_request=setup_flows_request,
)
snapshot_verifier = SnapshotVerifier(
self,
self.BRIDGE,
self.service_manager,
'after_restart',
)
with snapshot_verifier:
pass
fake_controller_setup(
enf_controller=self.enforcement_controller,
enf_stats_controller=self.enforcement_stats_controller,
startup_flow_controller=self.startup_flows_contoller,
)
snapshot_verifier = SnapshotVerifier(
self,
self.BRIDGE,
self.service_manager,
'default_flows',
)
with snapshot_verifier:
pass
def _ng_qer_update(
self,
request: SessionSet,
pdr_entry: PDRRuleEntry,
) -> List[RuleModResult]:
enforcement_res = []
failed_policy_rules_results: List = []
local_f_teid_ng = request.local_f_teid
# PDR is deleted with ActiveRules or DelActive rules recieved
if pdr_entry.pdr_state == PdrState.Value('REMOVE'):
qos_enforce_rule = pdr_entry.del_qos_enforce_rule
if qos_enforce_rule.ip_addr:
ipv4 = convert_ip_str_to_ip_proto(qos_enforce_rule.ip_addr)
self._ng_deactivate_qer_flows(
ipv4,
local_f_teid_ng,
qos_enforce_rule,
)
if qos_enforce_rule.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(
qos_enforce_rule.ipv6_addr)
self._update_ipv6_prefix_store(qos_enforce_rule.ipv6_addr)
self._ng_deactivate_qer_flows(
ipv6,
local_f_teid_ng,
qos_enforce_rule,
)
elif pdr_entry.pdr_state == PdrState.Value('IDLE'):
qos_enforce_rule = pdr_entry.add_qos_enforce_rule
if qos_enforce_rule.ip_addr:
ipv4 = convert_ipv4_str_to_ip_proto(qos_enforce_rule.ip_addr)
self._ng_inactivate_qer_flows(ipv4, qos_enforce_rule)
if qos_enforce_rule.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(
qos_enforce_rule.ipv6_addr)
self._ng_inactivate_qer_flows(ipv6, qos_enforce_rule)
# Install PDR rules
elif pdr_entry.pdr_state == PdrState.Value('INSTALL') or \
pdr_entry.pdr_state == PdrState.Value('MODI'):
qos_enforce_rule = pdr_entry.add_qos_enforce_rule
if qos_enforce_rule.ip_addr:
ipv4 = convert_ip_str_to_ip_proto(qos_enforce_rule.ip_addr)
enforcement_res = \
self._ng_activate_qer_flow(
ipv4, local_f_teid_ng,
qos_enforce_rule,
)
failed_policy_rules_results = \
_retrieve_failed_results(enforcement_res)
if qos_enforce_rule.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(
qos_enforce_rule.ipv6_addr)
self._update_ipv6_prefix_store(qos_enforce_rule.ipv6_addr)
enforcement_res = \
self._ng_activate_qer_flow(
ipv6, local_f_teid_ng,
qos_enforce_rule,
)
failed_policy_rules_results = \
_retrieve_failed_results(enforcement_res)
if pdr_entry.pdr_state == PdrState.Value('MODI'):
qos_enforce_deactivate_rule = pdr_entry.del_qos_enforce_rule
if qos_enforce_deactivate_rule.policies:
logging.info("qos_enforce_deactivate_rule.policies")
if qos_enforce_deactivate_rule.ip_addr:
ipv4 = convert_ip_str_to_ip_proto(
qos_enforce_deactivate_rule.ip_addr)
self._ng_mod_qer_flow(
ipv4,
qos_enforce_deactivate_rule,
)
if qos_enforce_deactivate_rule.ipv6_addr:
ipv6 = convert_ipv6_bytes_to_ip_proto(
qos_enforce_deactivate_rule.ipv6_addr)
self._ng_mod_qer_flow(
ipv6,
qos_enforce_deactivate_rule,
)
return failed_policy_rules_results
