def build_inbound_rules_for(participant_id, in_policies, ss_instance, final_switch): "Given a subset of inbound policies, return all the resulting rules." rules = [] for policy in in_policies: if "fwd" not in policy["action"]: continue port_num = policy["action"]["fwd"] # match on the next-hop vmac_bitmask = vmac_next_hop_mask(ss_instance) vmac = vmac_next_hop_match(participant_id, ss_instance) match_args = policy["match"] match_args["eth_dst"] = (vmac, vmac_bitmask) port_num = policy["action"]["fwd"] new_vmac = vmac_part_port_match(participant_id, port_num, ss_instance) actions = {"set_eth_dst":new_vmac, "fwd":[final_switch]} rule = {"rule_type":"inbound", "priority":INBOUND_HIT_PRIORITY, "match":match_args, "action":actions, "mod_type":"insert", "cookie":(policy["cookie"],2**16-1)} rules.append(rule) return rules
def build_inbound_rules_for(participant_id, in_policies, ss_instance, final_switch): "Given a subset of inbound policies, return all the resulting rules." rules = [] for policy in in_policies: if "fwd" not in policy["action"]: continue port_num = policy["action"]["fwd"] # match on the next-hop vmac_bitmask = vmac_next_hop_mask(ss_instance) vmac = vmac_next_hop_match(participant_id, ss_instance) match_args = policy["match"] match_args["eth_dst"] = (vmac, vmac_bitmask) port_num = policy["action"]["fwd"] new_vmac = vmac_part_port_match(participant_id, port_num, ss_instance) actions = {"set_eth_dst": new_vmac, "fwd": [final_switch]} rule = { "rule_type": "inbound", "priority": INBOUND_HIT_PRIORITY, "match": match_args, "action": actions, "mod_type": "insert", "cookie": (policy["cookie"], 2 ** 16 - 1), } rules.append(rule) return rules
def update_outbound_rules(sdx_msgs, policies, ss_instance, my_mac): supersets = ss_instance.supersets rules = [] if "outbound" not in policies: return rules outbound = policies["outbound"] # map each participant to a list of our policies which forward to them part_2_policy = {} # build this mapping for policy in outbound: if "fwd" in policy["action"]: part = int(policy["action"]["fwd"]) if part not in part_2_policy: part_2_policy[part] = [] part_2_policy[part].append(policy) updates = sdx_msgs["changes"] for update in updates: part = int(update["participant_id"]) superset_id = int(update["superset"]) bit_position = int(update["position"]) # if we have no rules regarding this participant, skip if part not in part_2_policy: continue # for all policies involving this participant for policy in part_2_policy[part]: # vmac and mask which check if part is reachable vmac = vmac_participant_match(superset_id, bit_position, ss_instance) vmac_bitmask = vmac_participant_mask(bit_position, ss_instance) # the vmac which will be written on a policy match next_hop_mac = vmac_next_hop_match(part, ss_instance, inbound_bit=True) match_args = policy["match"] match_args["eth_dst"] = (vmac, vmac_bitmask) match_args["eth_src"] = my_mac actions = {"set_eth_dst": next_hop_mac, "fwd": ["inbound"]} rule = { "rule_type": "outbound", "priority": OUTBOUND_HIT_PRIORITY, "match": match_args, "action": actions, "mod_type": "insert", "cookie": (policy["cookie"], 2 ** 16 - 1), } rules.append(rule) return rules
def update_outbound_rules(sdx_msgs, policies, ss_instance, my_mac): supersets = ss_instance.supersets rules = [] if 'outbound' not in policies: return rules outbound = policies['outbound'] # map each participant to a list of our policies which forward to them part_2_policy = {} # build this mapping for policy in outbound: if "fwd" in policy["action"]: part = int(policy["action"]["fwd"]) if part not in part_2_policy: part_2_policy[part] = [] part_2_policy[part].append(policy) updates = sdx_msgs["changes"] for update in updates: part = int(update["participant_id"]) superset_id = int(update["superset"]) bit_position = int(update["position"]) # if we have no rules regarding this participant, skip if part not in part_2_policy: continue # for all policies involving this participant for policy in part_2_policy[part]: # vmac and mask which check if part is reachable vmac = vmac_participant_match(superset_id, bit_position, ss_instance) vmac_bitmask = vmac_participant_mask(bit_position, ss_instance) # the vmac which will be written on a policy match next_hop_mac = vmac_next_hop_match(part, ss_instance, inbound_bit = True) match_args = policy["match"] match_args["eth_dst"] = (vmac, vmac_bitmask) match_args["eth_src"] = my_mac actions = {"set_eth_dst":next_hop_mac, "fwd":["inbound"]} rule = {"rule_type":"outbound", "priority":OUTBOUND_HIT_PRIORITY, "match":match_args , "action":actions, "mod_type":"insert", "cookie":(policy["cookie"],2**16-1)} rules.append(rule) return rules