Exemplo n.º 1
    def capture_new_source_dest_pairs_policy(self):
        """Build the rules that send not-yet-learned IP flows to the controller.

        For every switch the NIB reports, two groups of rules are generated:

        * Outbound: for each end host on the switch, IP packets arriving on
          that host's port with that host's source address, addressed to the
          opposite switch's actual network or to its entry in any alternate
          path, and matched by ``destination_not_known_host_on_net``.
        * Inbound: IP packets addressed to this switch's entry in any
          alternate path and matched by ``src_dest_pair_not_learned``.

        Returns:
            The ``Union`` of all generated rules, each of the form
            ``Filter(...) >> Policies.send_to_controller()``.
        """

        def destination_cidrs(far_switch):
            # Lazily yields the far side's actual network first, then its
            # entry in each alternate path, in that order.
            yield self.nib.actual_net_for(far_switch)
            for path in self.nib.alternate_paths():
                yield path[far_switch]

        rules = []
        for switch in self.nib.switches_present():
            dpid = self.nib.switch_to_dpid(switch)

            # Outbound: traffic from each known end host towards the far side.
            for _host, port, _mac, ip_addr in self.nib.get_endhosts(switch):
                far_switch = self.nib.opposite_switch(switch)
                for cidr in destination_cidrs(far_switch):
                    net, mask = NetUtils.net_mask(cidr)
                    # The source-address test is not needed for learning, but
                    # combined with the port test it keeps packets carrying any
                    # other source address on this port from matching the rule.
                    match = (
                        Policies.at_switch_port(dpid, port)
                        & Policies.is_ip()
                        & IP4SrcEq(ip_addr)
                        & IP4DstEq(net, mask)
                        & self.destination_not_known_host_on_net(ip_addr, cidr)
                    )
                    rules.append(Filter(match) >> Policies.send_to_controller())

            # Inbound: packets for our home networks, whose (src, dest) pairs
            # must be learned as well.
            # NOTE(review): no switch, port or source predicate appears in this
            # filter; whether src_dest_pair_not_learned narrows it is not
            # visible here. Every match is a packet sent to the controller, so
            # confirm the handler bounds that load.
            for path in self.nib.alternate_paths():
                home_cidr = path[switch]
                net, mask = NetUtils.net_mask(home_cidr)
                rules.append(
                    Filter(Policies.is_ip() & IP4DstEq(net, mask) & self.src_dest_pair_not_learned(home_cidr))
                    >> Policies.send_to_controller()
                )

        return Union(rules)
Exemplo n.º 2
  def policy(self):
    """Build the rules that send ARP traffic for alternate-path networks to the controller.

    For each switch the NIB reports and each alternate path, one rule matches
    ARP packets seen at that switch whose IPv4 destination lies in the
    switch's network on that path, and sends them to the controller.

    Returns:
      The ``Union`` of all generated rules.
    """
    rules = []
    for switch in self.nib.switches_present():
      dpid = self.nib.switch_to_dpid(switch)
      # ARP requests along an alternate path are for hosts with no real
      # presence on the imaginary link, e.g. 192.168.156.100 on the imaginary
      # 192.168.156.* network, which is translated to the real 192.168.56.100.
      # Only the routers are expected to send these; end hosts always ARP for
      # their default gateway.
      # NOTE(review): the original comment also describes capturing the .1
      # address of each endpoint network plus real hosts ("normal mode"); no
      # such rule is built in this method.
      # NOTE(review): the match is per switch (at_switch), not per port or
      # sender, so the "routers only" expectation is not enforced by this
      # filter. Presumably the controller handler validates the sender;
      # confirm.
      rules.extend(
        Filter(Policies.at_switch(dpid) & Policies.is_arp() & IP4DstEq(net, mask))
        >> Policies.send_to_controller()
        for net, mask in (
          NetUtils.net_mask(path[switch]) for path in self.nib.alternate_paths()
        )
      )

    return Union(rules)
Exemplo n.º 3
 def dest_real_net(self, switch):
   """Return an ``IP4DstEq`` predicate for the actual network of ``switch``.

   The network is looked up with ``nib.actual_net_for`` and split into
   network and mask by ``NetUtils.net_mask``.
   """
   network, prefix = NetUtils.net_mask(self.nib.actual_net_for(switch))
   return IP4DstEq(network, prefix)