Exemplo n.º 1
    def _add_non_ip_conj_flows(self, port):
        """Install the conjunction flows of a port that are independent of
        the IP addresses of remote groups.

        For each remote-group rule of the port this adds the
        actions=conjunction(conj_id, 2/2) flows and the actions=accept
        flows. The remaining part is done by ConjIPFlowManager.

        :param port: firewall port; ``port.vlan_tag`` is read here and the
                     object is handed on to the ``rules`` helpers.
        """
        remote_rules = self._create_remote_rules_generator_for_port(port)
        for sec_group_id, rule in remote_rules:
            direction = rule['direction']
            ethertype = rule['ethertype']

            # One conj_id per (vlan, security group, remote group,
            # direction, ethertype) tuple, as handed to the manager.
            conj_id = self.conj_ip_manager.add(
                port.vlan_tag, sec_group_id, rule['remote_group_id'],
                direction, ethertype)

            # The literal 2 presumably selects the second clause of the
            # conjunction (the "2/2" of the docstring) -- confirm against
            # rules.substitute_conjunction_actions.
            base_flows = rules.create_flows_from_rule_and_port(rule, port)
            conj_flows = rules.substitute_conjunction_actions(
                base_flows, 2, [conj_id])
            for flow_kwargs in conj_flows:
                self._add_flow(**flow_kwargs)

            # Install actions=accept flows.
            accept_flows = rules.create_conj_flows(
                port, conj_id, direction, ethertype)
            for flow_kwargs in accept_flows:
                self._add_flow(**flow_kwargs)
Exemplo n.º 2
    def _add_non_ip_conj_flows(self, port):
        """Add the IP-independent half of the conjunction flows for ``port``.

        Covers the actions=conjunction(conj_id, 2/2) flows and the
        actions=accept flows; the part that depends on the IP addresses of
        remote groups is left to ConjIPFlowManager.

        :param port: firewall port whose remote-group rules are processed.
        """
        for sec_group_id, sg_rule in (
                self._create_remote_rules_generator_for_port(port)):
            direction, ethertype = sg_rule['direction'], sg_rule['ethertype']

            # Register the rule with the conj manager to obtain its conj_id.
            conj_id = self.conj_ip_manager.add(
                port.vlan_tag,
                sec_group_id,
                sg_rule['remote_group_id'],
                direction,
                ethertype,
            )

            # Flows built from the rule get their actions replaced by
            # conjunction actions for this conj_id.
            rule_flows = rules.create_flows_from_rule_and_port(sg_rule, port)
            for kwargs in rules.substitute_conjunction_actions(
                    rule_flows, 2, [conj_id]):
                self._add_flow(**kwargs)

            # Install actions=accept flows.
            for kwargs in rules.create_conj_flows(
                    port, conj_id, direction, ethertype):
                self._add_flow(**kwargs)
Exemplo n.º 3
 def add_flows_from_rules(self, port):
     """Build flows from every rule generated for ``port`` and pass each
     one to ``self._accept_flow``.

     The tracked ingress and egress state of the port is initialized first.

     :param port: firewall port; ``port.id`` and ``port.ofport`` are logged.
     """
     self._initialize_tracked_ingress(port)
     self._initialize_tracked_egress(port)
     LOG.debug("Creating flow rules for port %s that is port %d in OVS",
               port.id, port.ofport)
     for sg_rule in self.create_rules_generator_for_port(port):
         generated = rules.create_flows_from_rule_and_port(sg_rule, port)
         # Debug level only: this writes the whole rule and every flow
         # generated from it to the log.
         LOG.debug("RULGEN: Rules generated for flow %s are %s",
                   sg_rule, generated)
         for flow_kwargs in generated:
             self._accept_flow(**flow_kwargs)
Exemplo n.º 4
    def _add_non_ip_conj_flows(self, port):
        """Install the conjunction flows of a port that are independent of
        the IP addresses of remote groups.

        These are the actions=conjunction(conj_id, 2/2) flows and the
        actions=accept flows. The remaining part is done by
        ConjIPFlowManager.

        :param port: firewall port; ``port.vlan_tag`` is read here and the
                     object is handed on to the ``rules`` helpers.
        """
        # Pass 1: obtain a conj_id for every remote-group rule and bucket
        # the rules by (direction, ethertype, protocol).
        grouped = collections.defaultdict(list)
        remote_rules = self._create_remote_rules_generator_for_port(port)
        for sec_group_id, rule in remote_rules:
            direction = rule['direction']
            ethertype = rule['ethertype']
            protocol = rule.get('protocol')  # None when the rule has none
            priority_offset = rules.flow_priority_offset(rule)

            conj_id = self.conj_ip_manager.add(
                port.vlan_tag, sec_group_id, rule['remote_group_id'],
                direction, ethertype, priority_offset)

            # Work on a copy so the generator's rule is not mutated when
            # the remote_group_id key is dropped.
            stripped_rule = rule.copy()
            del stripped_rule['remote_group_id']
            bucket = (direction, ethertype, protocol)
            grouped[bucket].append((stripped_rule, conj_id))

        # Pass 2: per bucket, merge the rules and install the flows.
        for bucket, rule_conj_list in grouped.items():
            direction, ethertype, protocol = bucket
            # Collected before merging, because merging replaces the list.
            all_conj_ids = {conj_id for _, conj_id in rule_conj_list}

            if protocol in (lib_const.PROTO_NUM_SCTP,
                            lib_const.PROTO_NUM_TCP,
                            lib_const.PROTO_NUM_UDP):
                merged = rules.merge_port_ranges(rule_conj_list)
            else:
                merged = rules.merge_common_rules(rule_conj_list)

            for merged_rule, conj_ids in merged:
                rule_flows = rules.create_flows_from_rule_and_port(
                    merged_rule, port, conjunction=True)
                for flow in rules.substitute_conjunction_actions(
                        rule_flows, 2, conj_ids):
                    self._add_flow(**flow)

            # Install accept flows and store conj_id to reg7 for future process
            for conj_id in all_conj_ids:
                accept_flows = rules.create_conj_flows(
                    port, conj_id, direction, ethertype)
                for flow in accept_flows:
                    # Prefix the existing actions with a set_field that
                    # writes the flow's conj_id into REG_REMOTE_GROUP.
                    flow['actions'] = "set_field:{:d}->reg{:d},{:s}".format(
                        flow['conj_id'], ovsfw_consts.REG_REMOTE_GROUP,
                        flow['actions'])
                    self._add_flow(**flow)
Exemplo n.º 5
    def _add_non_ip_conj_flows(self, port):
        """Add the IP-independent half of the conjunction flows for ``port``.

        Covers the actions=conjunction(conj_id, 2/2) flows and the
        actions=accept flows; the part that depends on the IP addresses of
        remote groups is left to ConjIPFlowManager.

        :param port: firewall port whose remote-group rules are processed.
        """
        rules_by_key = collections.defaultdict(list)
        for sec_group_id, sg_rule in (
                self._create_remote_rules_generator_for_port(port)):
            direction, ethertype = sg_rule['direction'], sg_rule['ethertype']
            protocol = sg_rule.get('protocol')
            priority_offset = rules.flow_priority_offset(sg_rule)

            # Register the rule with the conj manager to obtain its conj_id.
            conj_id = self.conj_ip_manager.add(
                port.vlan_tag,
                sec_group_id,
                sg_rule['remote_group_id'],
                direction,
                ethertype,
                priority_offset,
            )

            # The stored copy carries no remote_group_id; the original rule
            # dict is left untouched.
            rule_copy = sg_rule.copy()
            del rule_copy['remote_group_id']
            rules_by_key[(direction, ethertype, protocol)].append(
                (rule_copy, conj_id))

        for (direction, ethertype, protocol), pairs in rules_by_key.items():
            # Every conj_id of this key, gathered before the merge below
            # replaces the (rule, conj_id) pairs.
            all_conj_ids = set(cid for _rule, cid in pairs)

            # Rules for SCTP/TCP/UDP are merged by port range, all others
            # through the common-rule merge.
            merge = (rules.merge_port_ranges
                     if protocol in (lib_const.PROTO_NUM_SCTP,
                                     lib_const.PROTO_NUM_TCP,
                                     lib_const.PROTO_NUM_UDP)
                     else rules.merge_common_rules)
            pairs = merge(pairs)

            for merged_rule, conj_ids in pairs:
                rule_flows = rules.create_flows_from_rule_and_port(
                    merged_rule, port, conjunction=True)
                for kwargs in rules.substitute_conjunction_actions(
                        rule_flows, 2, conj_ids):
                    self._add_flow(**kwargs)

            # Install accept flows and store conj_id to reg7 for future process
            for conj_id in all_conj_ids:
                for kwargs in rules.create_conj_flows(
                        port, conj_id, direction, ethertype):
                    prefixed_actions = (
                        "set_field:{:d}->reg{:d},{:s}".format(
                            kwargs['conj_id'],
                            ovsfw_consts.REG_REMOTE_GROUP,
                            kwargs['actions']))
                    kwargs['actions'] = prefixed_actions
                    self._add_flow(**kwargs)
Exemplo n.º 6
 def _log_accept_packet(self, port, log_id, project_id):
     """Install ACCEPT-event logging flows for every rule of ``port``.

     One cookie is generated from the port id, the ACCEPT event, the log
     id and the project id, and is stamped on every flow before the flow
     is passed to ``self._log_accept_flow``.

     :param port: firewall port whose rules are walked.
     :param log_id: id passed through to ``generate_cookie``.
     :param project_id: id passed through to ``generate_cookie``.
     """
     cookie = self.generate_cookie(
         port.id, log_const.ACCEPT_EVENT, log_id, project_id)
     for sg_rule in self.create_rules_generator_for_port(port):
         # Rules that reference a remote group or a remote address group
         # get their log flows from the conjunction-specific builder.
         needs_conj = ('remote_group_id' in sg_rule or
                       'remote_address_group_id' in sg_rule)
         if needs_conj:
             log_flows = self._create_conj_flows_log(sg_rule, port)
         else:
             log_flows = rules.create_flows_from_rule_and_port(sg_rule, port)
         for flow_kwargs in log_flows:
             flow_kwargs['cookie'] = cookie
             self._log_accept_flow(**flow_kwargs)
Exemplo n.º 7
 def _log_accept_packet(self, port, log_id, project_id):
     """Install ACCEPT-event logging flows for every rule of ``port``.

     A single cookie built from the port id, the ACCEPT event, the log id
     and the project id is set on each flow, which is then handed to
     ``self._log_accept_flow``.

     :param port: firewall port whose rules are walked.
     :param log_id: id passed through to ``generate_cookie``.
     :param project_id: id passed through to ``generate_cookie``.
     """
     cookie = self.generate_cookie(
         port.id, log_const.ACCEPT_EVENT, log_id, project_id)
     for sg_rule in self.create_rules_generator_for_port(port):
         # NOTE(review): only 'remote_group_id' selects the conjunction
         # builder; if this code base has other kinds of remote
         # references in rules, confirm they are meant to take the plain
         # path below.
         log_flows = (
             self._create_conj_flows_log(sg_rule, port)
             if 'remote_group_id' in sg_rule
             else rules.create_flows_from_rule_and_port(sg_rule, port))
         for flow_kwargs in log_flows:
             flow_kwargs['cookie'] = cookie
             self._log_accept_flow(**flow_kwargs)
Exemplo n.º 8
 def add_flows_from_rules(self, port):
     """Turn every rule generated for ``port`` into flows and hand each
     flow to ``self._accept_flow``.

     Tracked ingress and egress state is initialized before any rule is
     processed.

     :param port: firewall port; ``port.id`` and ``port.ofport`` are logged.
     """
     self._initialize_tracked_ingress(port)
     self._initialize_tracked_egress(port)
     LOG.debug('Creating flow rules for port %s that is port %d in OVS',
               port.id, port.ofport)
     for sg_rule in self.create_rules_generator_for_port(port):
         rule_flows = rules.create_flows_from_rule_and_port(sg_rule, port)
         # Debug level only: the full rule and its flows end up in the log.
         LOG.debug("RULGEN: Rules generated for flow %s are %s",
                   sg_rule, rule_flows)
         for kwargs in rule_flows:
             self._accept_flow(**kwargs)
Exemplo n.º 9
    def add_flows_from_rules(self, port):
        """Install all rule-derived flows for ``port``.

        Order of work: initialize tracked ingress/egress state, pass the
        flows of every generated rule to ``self._accept_flow``, add the
        non-IP conjunction flows, then ask the conj IP manager to update
        the flows of the port's VLAN.

        :param port: firewall port; ``port.id``, ``port.ofport`` and
                     ``port.vlan_tag`` are read here.
        """
        self._initialize_tracked_ingress(port)
        self._initialize_tracked_egress(port)
        LOG.debug('Creating flow rules for port %s that is port %d in OVS',
                  port.id, port.ofport)

        generated_rules = self._create_rules_generator_for_port(port)
        for sg_rule in generated_rules:
            rule_flows = rules.create_flows_from_rule_and_port(sg_rule, port)
            # Debug level only: the full rule and its flows end up in the
            # log.
            LOG.debug("RULGEN: Rules generated for flow %s are %s",
                      sg_rule, rule_flows)
            for flow_kwargs in rule_flows:
                self._accept_flow(**flow_kwargs)

        # Remote-group rules are handled separately, after the plain ones.
        self._add_non_ip_conj_flows(port)

        self.conj_ip_manager.update_flows_for_vlan(port.vlan_tag)
Exemplo n.º 10
 def _delete_sg_rules_flow_log(self, port, del_rules):
     """Delete the ACCEPT-event log flows that belong to removed rules.

     Does nothing when no ACCEPT cookie is found for the port. Otherwise
     the flows of each deleted rule are rebuilt, stripped of the
     FIELDS_TO_REMOVE keys, moved to the matching log table, tagged with
     the cookie id and passed to ``self._delete_flows``.

     :param port: firewall port the rules were attached to.
     :param del_rules: iterable of rule dicts that were removed.
     """
     cookie = self._get_cookie(port.id, log_const.ACCEPT_EVENT)
     if not cookie:
         return
     for sg_rule in del_rules:
         # Same builder choice as when the log flows were created, so the
         # rebuilt match fields line up with what was installed.
         uses_conjunction = ('remote_group_id' in sg_rule or
                             'remote_address_group_id' in sg_rule)
         if uses_conjunction:
             stale_flows = self._create_conj_flows_log(sg_rule, port)
         else:
             stale_flows = rules.create_flows_from_rule_and_port(
                 sg_rule, port)
         for flow_kwargs in stale_flows:
             for field in FIELDS_TO_REMOVE:
                 flow_kwargs.pop(field, None)
             # Raises KeyError if the flow's table has no log-table mapping.
             source_table = flow_kwargs['table']
             flow_kwargs['table'] = OVS_FW_TO_LOG_TABLES[source_table]
             # Restricts the delete to flows carrying this cookie.
             flow_kwargs['cookie'] = cookie.id
             self._delete_flows(**flow_kwargs)
Exemplo n.º 11
    def add_flows_from_rules(self, port):
        """Create and install the flows derived from the rules of ``port``.

        Steps, in order: tracked ingress/egress initialization, one
        ``self._accept_flow`` call per flow of every generated rule, the
        non-IP conjunction flows, and finally a flow update for the port's
        VLAN through the conj IP manager.

        :param port: firewall port; ``port.id``, ``port.ofport`` and
                     ``port.vlan_tag`` are read here.
        """
        self._initialize_tracked_ingress(port)
        self._initialize_tracked_egress(port)
        LOG.debug('Creating flow rules for port %s that is port %d in OVS',
                  port.id, port.ofport)
        for sg_rule in self._create_rules_generator_for_port(port):
            generated = rules.create_flows_from_rule_and_port(sg_rule, port)
            # Debug level only: dumps the rule and every generated flow.
            LOG.debug("RULGEN: Rules generated for flow %s are %s",
                      sg_rule, generated)
            for kwargs in generated:
                self._accept_flow(**kwargs)

        # Conjunction flows come after the per-rule flows above.
        self._add_non_ip_conj_flows(port)

        vlan_tag = port.vlan_tag
        self.conj_ip_manager.update_flows_for_vlan(vlan_tag)
Exemplo n.º 12
 def _delete_sg_rules_flow_log(self, port, del_rules):
     """Delete the ACCEPT-event log flows that belong to removed rules.

     Returns early when the port has no ACCEPT cookie. For every deleted
     rule the flows are rebuilt, the FIELDS_TO_REMOVE keys are dropped,
     the table is mapped to its log table, the cookie id is set, and the
     result is passed to ``self._delete_flows``.

     :param port: firewall port the rules were attached to.
     :param del_rules: iterable of rule dicts that were removed.
     """
     cookie = self._get_cookie(port.id, log_const.ACCEPT_EVENT)
     if not cookie:
         return
     for sg_rule in del_rules:
         # NOTE(review): only 'remote_group_id' selects the conjunction
         # builder; if this code base has other kinds of remote
         # references in rules, confirm their log flows are matched by
         # the plain path below.
         stale_flows = (
             self._create_conj_flows_log(sg_rule, port)
             if 'remote_group_id' in sg_rule
             else rules.create_flows_from_rule_and_port(sg_rule, port))
         for flow_kwargs in stale_flows:
             for field in FIELDS_TO_REMOVE:
                 flow_kwargs.pop(field, None)
             # Raises KeyError if the flow's table has no log-table mapping.
             log_table = OVS_FW_TO_LOG_TABLES[flow_kwargs['table']]
             flow_kwargs['table'] = log_table
             # Restricts the delete to flows carrying this cookie.
             flow_kwargs['cookie'] = cookie.id
             self._delete_flows(**flow_kwargs)
Exemplo n.º 13
    def add_flows_from_rules(self, port):
        """Install all rule-derived flows for ``port``.

        Order of work: initialize tracked ingress/egress state, pass the
        flows of every generated rule to ``self._accept_flow``, add the
        non-IP conjunction flows, then ask the conj IP manager to update
        the flows of the port's VLAN.

        :param port: firewall port; ``port.id``, ``port.ofport`` and
                     ``port.vlan_tag`` are read here.
        """
        self._initialize_tracked_ingress(port)
        self._initialize_tracked_egress(port)
        LOG.debug('Creating flow rules for port %s that is port %d in OVS',
                  port.id, port.ofport)

        generated_rules = self._create_rules_generator_for_port(port)
        for sg_rule in generated_rules:
            # NOTE(toshii): A better version of merge_common_rules and
            # its friend should be applied here in order to avoid
            # overlapping flows.
            rule_flows = rules.create_flows_from_rule_and_port(sg_rule, port)
            # Debug level only: the full rule and its flows end up in the
            # log.
            LOG.debug("RULGEN: Rules generated for flow %s are %s", sg_rule,
                      rule_flows)
            for flow_kwargs in rule_flows:
                self._accept_flow(**flow_kwargs)

        # Remote-group rules are handled separately, after the plain ones.
        self._add_non_ip_conj_flows(port)

        self.conj_ip_manager.update_flows_for_vlan(port.vlan_tag)
Exemplo n.º 14
    def add_flows_from_rules(self, port):
        """Create and install the flows derived from the rules of ``port``.

        Steps, in order: tracked ingress/egress initialization, one
        ``self._accept_flow`` call per flow of every generated rule, the
        non-IP conjunction flows, and finally a flow update for the port's
        VLAN through the conj IP manager.

        :param port: firewall port; ``port.id``, ``port.ofport`` and
                     ``port.vlan_tag`` are read here.
        """
        self._initialize_tracked_ingress(port)
        self._initialize_tracked_egress(port)
        LOG.debug('Creating flow rules for port %s that is port %d in OVS',
                  port.id, port.ofport)
        for sg_rule in self._create_rules_generator_for_port(port):
            # NOTE(toshii): A better version of merge_common_rules and
            # its friend should be applied here in order to avoid
            # overlapping flows.
            generated = rules.create_flows_from_rule_and_port(sg_rule, port)
            # Debug level only: dumps the rule and every generated flow.
            LOG.debug("RULGEN: Rules generated for flow %s are %s",
                      sg_rule, generated)
            for kwargs in generated:
                self._accept_flow(**kwargs)

        # Conjunction flows come after the per-rule flows above.
        self._add_non_ip_conj_flows(port)

        vlan_tag = port.vlan_tag
        self.conj_ip_manager.update_flows_for_vlan(vlan_tag)
Exemplo n.º 15
    def _test_create_flows_from_rule_and_port_helper(self, rule,
                                                     expected_template):
        """Run create_flows_from_rule_and_port and check the flow template.

        :param rule: rule dict handed to the function under test.
        :param expected_template: value ``self.passed_flow_template`` must
                                  equal after the call.
        """
        # The return value is ignored on purpose; the assertion is on
        # self.passed_flow_template, which is presumably filled in by a
        # stub installed in the test's setUp -- confirm there.
        rules.create_flows_from_rule_and_port(rule, self.port)

        captured_template = self.passed_flow_template
        self.assertEqual(expected_template, captured_template)
Exemplo n.º 16
    def _test_create_flows_from_rule_and_port_helper(
            self, rule, expected_template):
        """Call create_flows_from_rule_and_port for ``rule`` and assert on
        the flow template recorded in ``self.passed_flow_template``.

        :param rule: rule dict handed to the function under test.
        :param expected_template: expected value of
                                  ``self.passed_flow_template``.
        """
        # Only the recorded template is checked; the flows returned by the
        # call are discarded. How the template gets recorded is not
        # visible here (presumably a stub from setUp -- confirm).
        rules.create_flows_from_rule_and_port(rule, self.port)

        recorded = self.passed_flow_template
        self.assertEqual(expected_template, recorded)