def remove_subscriber_he_flows(self, ue_addr: IPAddress, rule_num: int = -1): """ Remove proxy flows of give policy rule of the subscriber. Args: ue_addr(str): IP address of UE rule_num(int): rule num of the policy rule """ logging.info("Del HE rule: ue-ip: %s rule %d", ue_addr, rule_num) ue_ip_str = ipv4_address_to_str(ue_addr) if ue_ip_str not in self._he_enabled_ue_ips: return if rule_num == -1: ip_match_in = get_ue_ip_match_args(ue_addr, Direction.IN) match_in = MagmaMatch(eth_type=get_eth_type(ue_addr), **ip_match_in) flows.delete_flow(self._datapath, self.tbl_num, match_in) ip_match_out = get_ue_ip_match_args(ue_addr, Direction.OUT) match_out = MagmaMatch(eth_type=get_eth_type(ue_addr), **ip_match_out) flows.delete_flow(self._datapath, self.tbl_num, match_out) else: match = MagmaMatch() flows.delete_flow(self._datapath, self.tbl_num, match, cookie=rule_num, cookie_mask=flows.OVS_COOKIE_MATCH_ALL) deactivate_he_urls_for_ue(ue_addr) self._he_enabled_ue_ips.remove(ue_ip_str)
def remove_subscriber_he_flows( self, ue_addr: IPAddress, rule_id: str = "", rule_num: int = -1, ): """ Remove proxy flows of give policy rule of the subscriber. Args: ue_addr(str): IP address of UE rule_id(str) Rule id rule_num(int): rule num of the policy rule """ ue_ip_str = ipv4_address_to_str(ue_addr) if self._ue_rule_counter.get(ue_ip_str) == 0: return logging.info( "Del HE rule: ue-ip: %s rule_id: %s rule %d", ue_addr, rule_id, rule_num, ) if rule_num == -1: ip_match_in = get_ue_ip_match_args(ue_addr, Direction.IN) match_in = MagmaMatch( eth_type=get_eth_type(ue_addr), **ip_match_in, ) flows.delete_flow(self._datapath, self.tbl_num, match_in) ip_match_out = get_ue_ip_match_args(ue_addr, Direction.OUT) match_out = MagmaMatch( eth_type=get_eth_type(ue_addr), **ip_match_out, ) flows.delete_flow(self._datapath, self.tbl_num, match_out) else: match = MagmaMatch() flows.delete_flow( self._datapath, self.tbl_num, match, cookie=rule_num, cookie_mask=flows.OVS_COOKIE_MATCH_ALL, ) success = deactivate_he_urls_for_ue(ue_addr, rule_id) logging.debug("Del HE proxy: %s", success) if success: if rule_num == -1: self._ue_rule_counter.delete(ue_ip_str) else: self._ue_rule_counter.dec(ue_ip_str)
def _add_policy_rule_to_ebpf_dp( self, ip_addr, urls, flow, qos_handle, ): ue_ip = ipv4_address_to_str(ip_addr) direction = get_direction_for_match(flow.match) if self.ebpf is None: return if direction != Direction.OUT: return if is_flow_match_set(flow.match): self.logger.debug("skip ebpf entry due to required flow match") return if urls and len(urls) != 0: self.logger.debug("skip ebpf entry due to HE rule.") return self.ebpf.add_ul_entry(qos_handle, ue_ip)
def _get_classify_rule_flow_msgs(self, imsi, msisdn: bytes, uplink_tunnel: int, ip_addr, apn_ambr, flow, rule_num, priority, qos, hard_timeout, rule_id, app_name, app_service_type, next_table, version, qos_mgr, copy_table, urls: List[str] = None): """ Install a flow from a rule. If the flow action is DENY, then the flow will drop the packet. Otherwise, the flow classifies the packet with its matched rule and injects the rule num into the packet's register. """ parser = self._datapath.ofproto_parser flow_match = flow_match_to_magma_match(flow.match, ip_addr) flow_match.imsi = encode_imsi(imsi) flow_match_actions, instructions = self._get_action_for_rule( flow, rule_num, imsi, ip_addr, apn_ambr, qos, rule_id, version, qos_mgr) msgs = [] if app_name: # We have to allow initial traffic to pass through, before it gets # classified by DPI, flow match set app_id to unclassified flow_match.app_id = UNCLASSIFIED_PROTO_ID passthrough_actions = flow_match_actions + \ [parser.NXActionRegLoad2(dst=SCRATCH_REGS[1], value=IGNORE_STATS)] msgs.append( flows.get_add_resubmit_current_service_flow_msg( self._datapath, self.tbl_num, flow_match, passthrough_actions, hard_timeout=hard_timeout, priority=Utils.UNCLASSIFIED_ALLOW_PRIORITY, cookie=rule_num, copy_table=copy_table, resubmit_table=next_table)) flow_match.app_id = get_app_id( PolicyRule.AppName.Name(app_name), PolicyRule.AppServiceType.Name(app_service_type), ) # For DROP flow just send to stats table, it'll get dropped there if flow.action == flow.DENY: flow_match_actions = flow_match_actions + \ [parser.NXActionRegLoad2(dst=SCRATCH_REGS[1], value=DROP_FLOW_STATS)] msgs.append( flows.get_add_resubmit_current_service_flow_msg( self._datapath, self.tbl_num, flow_match, flow_match_actions, hard_timeout=hard_timeout, priority=priority, cookie=rule_num, resubmit_table=copy_table)) else: msgs.append( flows.get_add_resubmit_current_service_flow_msg( self._datapath, self.tbl_num, flow_match, flow_match_actions, instructions=instructions, hard_timeout=hard_timeout, priority=priority, cookie=rule_num, copy_table=copy_table, resubmit_table=next_table)) if self.proxy_controller: ue_ip = ipv4_address_to_str(ip_addr) ip_dst = get_flow_ip_dst(flow.match) direction = get_direction_for_match(flow.match) proxy_msgs = self.proxy_controller.get_subscriber_he_flows( rule_id, direction, ue_ip, uplink_tunnel, ip_dst, rule_num, urls, imsi, msisdn) msgs.extend(proxy_msgs) return msgs