def capture_new_source_dest_pairs_policy(self):
    """Build the rules that send not-yet-learned IP traffic to the controller.

    Two families of rules are produced for every switch the NIB reports:

    * Outbound: for each end host on the switch, IP packets arriving on that
      host's port, carrying that host's source address, and addressed to the
      opposite switch's network (its actual network and every alternate-path
      network) are sent to the controller, subject to
      ``destination_not_known_host_on_net``.
    * Inbound: IP packets addressed to one of this switch's alternate-path
      networks are sent to the controller, subject to
      ``src_dest_pair_not_learned``.

    Returns:
        The ``Union`` of all generated policies.
    """
    to_controller = []

    def outbound_rule(dpid, host_port, host_ip, dest_cdr):
        # One rule per (host, destination network) pair.
        dest_net, dest_mask = NetUtils.net_mask(dest_cdr)
        # The source-IP test is not strictly required (the original author
        # calls it "extra security"): combined with the switch-port test it
        # ties the rule to the address the NIB holds for the host on that
        # port, so a packet from that port with a different source address
        # does not match this rule. What happens to such a packet is decided
        # elsewhere and is not visible here.
        match = (
            Policies.at_switch_port(dpid, host_port)
            & Policies.is_ip()
            & IP4SrcEq(host_ip)
            & IP4DstEq(dest_net, dest_mask)
            & self.destination_not_known_host_on_net(host_ip, dest_cdr)
        )
        return Filter(match) >> Policies.send_to_controller()

    for switch in self.nib.switches_present():
        dpid = self.nib.switch_to_dpid(switch)

        for _host, host_port, _host_mac, host_ip in self.nib.get_endhosts(switch):
            opposite_switch = self.nib.opposite_switch(switch)
            # Destination on the real network behind the opposite switch.
            to_controller.append(
                outbound_rule(
                    dpid, host_port, host_ip,
                    self.nib.actual_net_for(opposite_switch),
                )
            )
            # Same destination side, reached through each alternate path.
            for alt_path in self.nib.alternate_paths():
                to_controller.append(
                    outbound_rule(
                        dpid, host_port, host_ip, alt_path[opposite_switch]
                    )
                )

        # Now handle incoming packets for all our home networks. Those
        # (src, dest) pairs need to be learned as well.
        # NOTE(review): this predicate carries no switch or port test, so it
        # is not scoped to `dpid`; confirm that matching on every switch is
        # intended. Each match is a packet-in to the controller, and the
        # `src_dest_pair_not_learned` predicate is the only thing narrowing
        # that stream here.
        for alt_path in self.nib.alternate_paths():
            home_cdr = alt_path[switch]
            home_net, home_mask = NetUtils.net_mask(home_cdr)
            unlearned = (
                Policies.is_ip()
                & IP4DstEq(home_net, home_mask)
                & self.src_dest_pair_not_learned(home_cdr)
            )
            to_controller.append(Filter(unlearned) >> Policies.send_to_controller())

    return Union(to_controller)
def policy(self):
    """Build the rules that send ARP for alternate-path networks to the controller.

    In normal mode, ARP requests are captured for IPs that don't really
    exist; think of them as symbolic links to the real IP. The original
    notes say the .1 address of each endpoint network and any real hosts on
    the net are captured too, but only the alternate-path capture is built
    in this method.

    Alternate-path requests are always for hosts that have no real estate on
    the imaginary link, e.g. 192.168.156.100 on the imaginary 192.168.156.*
    network, which is translated to the real address 192.168.56.100.

    Only the routers are expected to send these requests; end hosts always
    ARP for their default gateway instead.

    Returns:
        The ``Union`` of one ARP-to-controller rule per (switch, alternate
        path) combination.
    """
    arp_rules = []
    for switch in self.nib.switches_present():
        dpid = self.nib.switch_to_dpid(switch)
        for alt_path in self.nib.alternate_paths():
            alt_net, alt_mask = NetUtils.net_mask(alt_path[switch])
            # NOTE(review): the match is on switch, ARP and target network
            # only. There is no ingress-port or sender test, so "routers
            # only" is a topology assumption rather than something this
            # rule enforces; confirm the controller-side ARP handler
            # validates the sender before acting on it.
            arp_for_alt_net = (
                Policies.at_switch(dpid)
                & Policies.is_arp()
                & IP4DstEq(alt_net, alt_mask)
            )
            arp_rules.append(Filter(arp_for_alt_net) >> Policies.send_to_controller())
    return Union(arp_rules)
def dest_real_net(self, switch):
    """Return an ``IP4DstEq`` predicate for the actual network of ``switch``.

    The network is looked up with ``self.nib.actual_net_for`` and split into
    its (network, mask) parts by ``NetUtils.net_mask``.
    """
    real_cdr = self.nib.actual_net_for(switch)
    real_net, real_mask = NetUtils.net_mask(real_cdr)
    return IP4DstEq(real_net, real_mask)