Exemplo n.º 1
0
def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
    acl_inst = []
    match_dict = {}
    for attrib, attrib_value in list(rule_conf.items()):
        if attrib.startswith('_') and attrib.endswith('_'):
            continue
        if attrib == 'in_port':
            continue
        if attrib == 'actions':
            allow = False
            allow_specified = False
            if 'allow' in attrib_value:
                allow_specified = True
                if attrib_value['allow'] == 1:
                    allow = True
            if 'mirror' in attrib_value:
                port_no = attrib_value['mirror']
                acl_inst.append(
                    valve_of.apply_actions([valve_of.output_port(port_no)]))
                if not allow_specified:
                    allow = True
            if 'output' in attrib_value:
                output_dict = attrib_value['output']
                output_actions = []
                output_port = None
                if 'port' in output_dict:
                    output_port = output_dict['port']

                # if destination rewriting selected, rewrite it.
                if 'dl_dst' in output_dict:
                    output_actions.append(
                        valve_of.set_eth_dst(output_dict['dl_dst']))
                # rewrite any VLAN headers.
                vlan_actions = rewrite_vlan(output_dict)
                if vlan_actions:
                    output_actions.extend(vlan_actions)
                # output to a port if specified.
                if output_port is not None:
                    output_actions.append(valve_of.output_port(output_port))

                acl_inst.append(valve_of.apply_actions(output_actions))

                # if port specified, output packet now and exit pipeline.
                if output_port is not None:
                    continue

            if allow:
                acl_inst.append(acl_allow_inst)
        else:
            match_dict[attrib] = attrib_value
    if port_num is not None:
        match_dict['in_port'] = port_num
    if vlan_vid is not None:
        match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
    acl_match = valve_of.match_from_dict(match_dict)
    return acl_match, acl_inst
Exemplo n.º 2
0
def build_acl_entry(rule_conf,
                    acl_allow_inst,
                    meters,
                    port_num=None,
                    vlan_vid=None):
    acl_inst = []
    match_dict = {}
    ofmsgs = []
    for attrib, attrib_value in list(rule_conf.items()):
        if attrib == 'in_port':
            continue
        if attrib == 'actions':
            allow = False
            allow_specified = False
            if 'allow' in attrib_value:
                allow_specified = True
                if attrib_value['allow'] == 1:
                    allow = True
            if 'meter' in attrib_value:
                meter_name = attrib_value['meter']
                acl_inst.append(
                    valve_of.apply_meter(meters[meter_name].meter_id))
            if 'mirror' in attrib_value:
                port_no = attrib_value['mirror']
                acl_inst.append(
                    valve_of.apply_actions([valve_of.output_port(port_no)]))
                if not allow_specified:
                    allow = True
            if 'output' in attrib_value:
                output_port, output_actions, output_ofmsgs = build_output_actions(
                    attrib_value['output'])
                acl_inst.append(valve_of.apply_actions(output_actions))
                ofmsgs.extend(output_ofmsgs)

                # if port specified, output packet now and exit pipeline.
                if output_port is not None:
                    continue

            if allow:
                acl_inst.append(acl_allow_inst)
        else:
            match_dict[attrib] = attrib_value
    if port_num is not None:
        match_dict['in_port'] = port_num
    if vlan_vid is not None:
        match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
    acl_match = valve_of.match_from_dict(match_dict)
    return (acl_match, acl_inst, ofmsgs)
Exemplo n.º 3
0
def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
    acl_inst = []
    match_dict = {}
    for attrib, attrib_value in rule_conf.items():
        if attrib == 'in_port':
            continue
        if attrib == 'actions':
            allow = False
            allow_specified = False
            if 'allow' in attrib_value:
                allow_specified = True
                if attrib_value['allow'] == 1:
                    allow = True
            if 'mirror' in attrib_value:
                port_no = attrib_value['mirror']
                acl_inst.append(
                    valve_of.apply_actions([valve_of.output_port(port_no)]))
                if not allow_specified:
                    allow = True
            # if output selected, output packet now and exit pipeline.
            if 'output' in attrib_value:
                output_dict = attrib_value['output']
                output_actions = []
                # if destination rewriting selected, rewrite it.
                if 'dl_dst' in output_dict:
                    output_actions.append(
                        valve_of.set_eth_dst(output_dict['dl_dst']))
                # if vlan tag is specified, push it.
                if 'vlan_vid' in output_dict:
                    output_actions.extend(
                        valve_of.push_vlan_act(output_dict['vlan_vid']))
                # output to port
                port_no = output_dict['port']
                output_actions.append(valve_of.output_port(port_no))
                acl_inst.append(valve_of.apply_actions(output_actions))
                continue
            if allow:
                acl_inst.append(acl_allow_inst)
        else:
            match_dict[attrib] = attrib_value
    if port_num is not None:
        match_dict['in_port'] = port_num
    if vlan_vid is not None:
        match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
    acl_match = valve_of.match_from_dict(match_dict)
    return acl_match, acl_inst
Exemplo n.º 4
0
def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None):
    acl_inst = []
    match_dict = {}
    for attrib, attrib_value in rule_conf.iteritems():
        if attrib == 'in_port':
            continue
        if attrib == 'actions':
            allow = False
            allow_specified = False
            if 'allow' in attrib_value:
                allow_specified = True
                if attrib_value['allow'] == 1:
                    allow = True
            if 'mirror' in attrib_value:
                port_no = attrib_value['mirror']
                acl_inst.append(
                    valve_of.apply_actions([valve_of.output_port(port_no)]))
                if not allow_specified:
                    allow = True
            # if output selected, output packet now and exit pipeline.
            if 'output' in attrib_value:
                output_dict = attrib_value['output']
                output_actions = []
                # if destination rewriting selected, rewrite it.
                if 'dl_dst' in output_dict:
                    output_actions.append(
                        valve_of.set_eth_dst(output_dict['dl_dst']))
                # if vlan tag is specified, push it.
                if 'vlan_vid' in output_dict:
                    output_actions.extend(
                        valve_of.push_vlan_act(output_dict['vlan_vid']))
                # output to port
                port_no = output_dict['port']
                output_actions.append(valve_of.output_port(port_no))
                acl_inst.append(valve_of.apply_actions(output_actions))
                continue
            if allow:
                acl_inst.append(acl_allow_inst)
        else:
            match_dict[attrib] = attrib_value
    if port_num is not None:
        match_dict['in_port'] = port_num
    if vlan_vid is not None:
        match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid)
    acl_match = valve_of.match_from_dict(match_dict)
    return acl_match, acl_inst