def build_tunnel_ofmsgs(rule_conf,
acl_table,
priority,
port_num=None,
vlan_vid=None,
flowdel=False):
"""Build a specific tunnel only ofmsgs"""
ofmsgs = []
acl_inst = []
acl_match = []
acl_match_dict = {}
_, output_actions, output_ofmsgs = build_output_actions(
acl_table, rule_conf)
ofmsgs.extend(output_ofmsgs)
acl_inst.append(valve_of.apply_actions(output_actions))
if port_num is not None:
acl_match_dict['in_port'] = port_num
if vlan_vid is not None:
acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
acl_match = valve_of.match_from_dict(acl_match_dict)
flowmod = acl_table.flowmod(acl_match, priority=priority, inst=acl_inst)
if flowdel:
ofmsgs.append(
acl_table.flowdel(match=acl_match, priority=priority,
strict=False))
ofmsgs.append(flowmod)
return ofmsgs
def build_tunnel_ofmsgs(rule_conf, acl_table, priority,
port_num=None, vlan_vid=None, flowdel=False,
reverse=False):
"""Build a specific tunnel only ofmsgs"""
ofmsgs = []
acl_inst = []
acl_match = []
acl_match_dict = {}
_, output_actions, output_ofmsgs, output_inst = build_output_actions(acl_table, rule_conf)
ofmsgs.extend(output_ofmsgs)
acl_inst.extend(output_inst)
acl_inst.append(valve_of.apply_actions(output_actions))
if port_num is not None:
acl_match_dict['in_port'] = port_num
if vlan_vid is not None:
acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
if reverse:
acl_match_dict['vlan_pcp'] = valve_of.PCP_TUNNEL_REVERSE_DIRECTION_FLAG
else:
acl_match_dict['vlan_pcp'] = valve_of.PCP_TUNNEL_FLAG
try:
acl_match = valve_of.match_from_dict(acl_match_dict)
except TypeError as type_error:
raise InvalidConfigError('invalid match type in ACL') from type_error
flowmod = acl_table.flowmod(acl_match, priority=priority, inst=tuple(acl_inst))
if flowdel:
ofmsgs.append(acl_table.flowdel(match=acl_match, priority=priority, strict=False))
ofmsgs.append(flowmod)
return ofmsgs
def add_mac_address_to_match(match, eth_src):
"""Add or change the value of a match type"""
# NOTE: This function has been created to work around for
# OFPMatch.set_dl_src() not storing persistent changes
if not eth_src:
return match
dict_match = dict(match.items())
dict_match['eth_src'] = eth_src
return valve_of.match_from_dict(dict_match)
def add_mac_address_to_match(match, eth_src):
"""Add or change the value of a match type"""
# NOTE: This function has been created to work around for
# OFPMatch.set_dl_src() not storing persistent changes
if not eth_src:
return match
dict_match = dict(match.items())
dict_match['eth_src'] = eth_src
return valve_of.match_from_dict(dict_match)
def build_acl_entry(rule_conf,
acl_allow_inst,
meters,
port_num=None,
vlan_vid=None):
acl_inst = []
acl_match_dict = {}
acl_ofmsgs = []
acl_cookie = None
for attrib, attrib_value in list(rule_conf.items()):
if attrib == 'in_port':
continue
if attrib == 'cookie':
acl_cookie = attrib_value
continue
if attrib == 'actions':
allow = False
allow_specified = False
if 'allow' in attrib_value:
allow_specified = True
if attrib_value['allow'] == 1:
allow = True
if 'meter' in attrib_value:
meter_name = attrib_value['meter']
acl_inst.append(
valve_of.apply_meter(meters[meter_name].meter_id))
if 'mirror' in attrib_value:
port_no = attrib_value['mirror']
acl_inst.append(
valve_of.apply_actions([valve_of.output_port(port_no)]))
if not allow_specified:
allow = True
if 'output' in attrib_value:
output_port, output_actions, output_ofmsgs = build_output_actions(
attrib_value['output'])
acl_inst.append(valve_of.apply_actions(output_actions))
acl_ofmsgs.extend(output_ofmsgs)
# if port specified, output packet now and exit pipeline.
if output_port is not None:
continue
if allow:
acl_inst.append(acl_allow_inst)
else:
acl_match_dict[attrib] = attrib_value
if port_num is not None:
acl_match_dict['in_port'] = port_num
if vlan_vid is not None:
acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
try:
acl_match = valve_of.match_from_dict(acl_match_dict)
except TypeError:
assert False, 'invalid type in ACL'
return (acl_match, acl_inst, acl_cookie, acl_ofmsgs)
def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
acl_inst = []
match_dict = {}
for attrib, attrib_value in list(rule_conf.items()):
if attrib == 'in_port':
continue
if attrib == 'actions':
allow = False
allow_specified = False
if 'allow' in attrib_value:
allow_specified = True
if attrib_value['allow'] == 1:
allow = True
if 'mirror' in attrib_value:
port_no = attrib_value['mirror']
acl_inst.append(
valve_of.apply_actions([valve_of.output_port(port_no)]))
if not allow_specified:
allow = True
if 'output' in attrib_value:
output_dict = attrib_value['output']
output_actions = []
output_port = None
if 'port' in output_dict:
output_port = output_dict['port']
# if destination rewriting selected, rewrite it.
if 'dl_dst' in output_dict:
output_actions.append(
valve_of.set_eth_dst(output_dict['dl_dst']))
# rewrite any VLAN headers.
vlan_actions = rewrite_vlan(output_dict)
if vlan_actions:
output_actions.extend(vlan_actions)
# output to a port if specified.
if output_port is not None:
output_actions.append(valve_of.output_port(output_port))
acl_inst.append(valve_of.apply_actions(output_actions))
# if port specified, output packet now and exit pipeline.
if output_port is not None:
continue
if allow:
acl_inst.append(acl_allow_inst)
else:
match_dict[attrib] = attrib_value
if port_num is not None:
match_dict['in_port'] = port_num
if vlan_vid is not None:
match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
acl_match = valve_of.match_from_dict(match_dict)
return acl_match, acl_inst
def build_acl_entry( # pylint: disable=too-many-arguments,too-many-branches,too-many-statements
acl_table, rule_conf, meters,
acl_allow_inst, acl_force_port_vlan_inst,
port_num=None, vlan_vid=None, tunnel_rules=None, source_id=None):
"""Build flow/groupmods for one ACL rule entry."""
acl_inst = []
acl_act = []
acl_match_dict = {}
acl_ofmsgs = []
acl_cookie = None
allow_inst = acl_allow_inst
for attrib, attrib_value in rule_conf.items():
# if attrib == 'in_port':
# continue
if attrib == 'cookie':
acl_cookie = attrib_value
continue
if attrib == 'description':
continue
if attrib == 'actions':
allow = False
allow_specified = False
if 'allow' in attrib_value:
allow_specified = True
if attrib_value['allow'] == 1:
allow = True
if 'force_port_vlan' in attrib_value:
if attrib_value['force_port_vlan'] == 1:
allow_inst = acl_force_port_vlan_inst
if 'meter' in attrib_value:
meter_name = attrib_value['meter']
acl_inst.append(valve_of.apply_meter(meters[meter_name].meter_id))
if 'mirror' in attrib_value:
port_no = attrib_value['mirror']
acl_act.append(valve_of.output_port(port_no))
if not allow_specified:
allow = True
if 'output' in attrib_value:
output_port, output_actions, output_ofmsgs, output_inst = build_output_actions(
acl_table, attrib_value['output'], tunnel_rules, source_id)
acl_act.extend(output_actions)
acl_ofmsgs.extend(output_ofmsgs)
acl_inst.extend(output_inst)
# if port specified, output packet now and exit pipeline.
if not allow and output_port is not None:
continue
if 'ct' in attrib_value:
ct_action = build_ct_actions(acl_table, attrib_value['ct'])
acl_act.append(ct_action)
if allow:
acl_inst.extend(allow_inst)
else:
acl_match_dict[attrib] = attrib_value
if port_num is not None:
# This overwrites the `in_port` match if it is specified in the ACL config
acl_match_dict['in_port'] = port_num
if vlan_vid is not None:
# This overwrites the `vlan_vid` match if it is specified in the ACL config
acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
try:
acl_match = valve_of.match_from_dict(acl_match_dict)
except TypeError as type_error:
raise InvalidConfigError('invalid match type in ACL') from type_error
if acl_act:
acl_inst.append(valve_of.apply_actions(acl_act))
return (acl_match, acl_inst, acl_cookie, acl_ofmsgs)
def build_acl_entry(acl_table,
rule_conf,
meters,
acl_allow_inst,
acl_force_port_vlan_inst,
port_num=None,
vlan_vid=None):
"""Build flow/groupmods for one ACL rule entry."""
acl_inst = []
acl_act = []
acl_match_dict = {}
acl_ofmsgs = []
acl_cookie = None
allow_inst = acl_allow_inst
for attrib, attrib_value in rule_conf.items():
if attrib == 'in_port':
continue
if attrib == 'cookie':
acl_cookie = attrib_value
continue
if attrib == 'description':
continue
if attrib == 'actions':
allow = False
allow_specified = False
if 'allow' in attrib_value:
allow_specified = True
if attrib_value['allow'] == 1:
allow = True
if 'force_port_vlan' in attrib_value:
if attrib_value['force_port_vlan'] == 1:
allow_inst = acl_force_port_vlan_inst
if 'meter' in attrib_value:
meter_name = attrib_value['meter']
acl_inst.append(
valve_of.apply_meter(meters[meter_name].meter_id))
if 'mirror' in attrib_value:
port_no = attrib_value['mirror']
acl_act.append(valve_of.output_port(port_no))
if not allow_specified:
allow = True
if 'output' in attrib_value:
output_port, output_actions, output_ofmsgs = build_output_actions(
acl_table, attrib_value['output'])
acl_act.extend(output_actions)
acl_ofmsgs.extend(output_ofmsgs)
# if port specified, output packet now and exit pipeline.
if not allow and output_port is not None:
continue
if allow:
acl_inst.extend(allow_inst)
else:
acl_match_dict[attrib] = attrib_value
if port_num is not None:
acl_match_dict['in_port'] = port_num
if vlan_vid is not None:
acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
try:
acl_match = valve_of.match_from_dict(acl_match_dict)
except TypeError:
raise InvalidConfigError('invalid type in ACL')
if acl_act:
acl_inst.append(valve_of.apply_actions(acl_act))
return (acl_match, acl_inst, acl_cookie, acl_ofmsgs)
def build_acl_entry(acl_table, rule_conf, meters,
acl_allow_inst, acl_force_port_vlan_inst,
port_num=None, vlan_vid=None):
"""Build flow/groupmods for one ACL rule entry."""
acl_inst = []
acl_act = []
acl_match_dict = {}
acl_ofmsgs = []
acl_cookie = None
allow_inst = acl_allow_inst
for attrib, attrib_value in rule_conf.items():
if attrib == 'in_port':
continue
if attrib == 'cookie':
acl_cookie = attrib_value
continue
if attrib == 'description':
continue
if attrib == 'actions':
allow = False
allow_specified = False
if 'allow' in attrib_value:
allow_specified = True
if attrib_value['allow'] == 1:
allow = True
if 'force_port_vlan' in attrib_value:
if attrib_value['force_port_vlan'] == 1:
allow_inst = acl_force_port_vlan_inst
if 'meter' in attrib_value:
meter_name = attrib_value['meter']
acl_inst.append(valve_of.apply_meter(meters[meter_name].meter_id))
if 'mirror' in attrib_value:
port_no = attrib_value['mirror']
acl_act.append(valve_of.output_port(port_no))
if not allow_specified:
allow = True
if 'output' in attrib_value:
output_port, output_actions, output_ofmsgs = build_output_actions(
acl_table, attrib_value['output'])
acl_act.extend(output_actions)
acl_ofmsgs.extend(output_ofmsgs)
# if port specified, output packet now and exit pipeline.
if not allow and output_port is not None:
continue
if allow:
acl_inst.extend(allow_inst)
else:
acl_match_dict[attrib] = attrib_value
if port_num is not None:
acl_match_dict['in_port'] = port_num
if vlan_vid is not None:
acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
try:
acl_match = valve_of.match_from_dict(acl_match_dict)
except TypeError:
raise InvalidConfigError('invalid type in ACL')
if acl_act:
acl_inst.append(valve_of.apply_actions(acl_act))
return (acl_match, acl_inst, acl_cookie, acl_ofmsgs)
def set_field(**kwds):
"""Return set field action."""
# raise exception if unknown set field.
valve_of.match_from_dict(kwds)
return valve_of.set_field(**kwds)
