def setup_policy_acl_flow(dpath, ofctl):
"""
Policy ACL flows when dp enter.
"""
matches = [
ofmatch.Match().eth_type(fibcapi.ETHTYPE_LACP),
ofmatch.Match().eth_type(fibcapi.ETHTYPE_ARP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_ICMP4),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_ICMP6),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_OSPF),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_OSPF),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_src(fibcapi.TCPPORT_BGP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_dst(fibcapi.TCPPORT_BGP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_TCP).tcp_src(fibcapi.TCPPORT_BGP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_TCP).tcp_dst(fibcapi.TCPPORT_BGP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_src(fibcapi.TCPPORT_LDP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_dst(fibcapi.TCPPORT_LDP),
ofmatch.Match().ip_dst(fibcapi.MCADDR_ALLROUTERS),
ofmatch.Match().ip_dst(fibcapi.MCADDR_OSPF_HELLO),
ofmatch.Match().ip_dst(fibcapi.MCADDR_OSPF_ALLDR),
]
actions = [ofaction.output(dpath.ofproto.OFPP_CONTROLLER)]
for match in matches:
flow = offlow.flow_mod(
match=match,
actions=actions,
writes=[],
table_id=pb.FlowMod.POLICY_ACL,
priority=fibcapi.PRIORITY_NORMAL,
)
ofctl.mod_flow_entry(dpath, flow, dpath.ofproto.OFPFC_ADD)
def setup_flow(dpath, mod, ofctl):
"""
Setup flows.
"""
_LOG.debug("Default FLow: %d %s", dpath.id, mod)
ofp = dpath.ofproto
# send whole packet to controller
dpath.send_msg(offlow.set_sw_config(dpath))
# clear all flows/groups.
dpath.send_msg(offlow.clear_all(dpath))
for msg in ofgroup.clear_all(dpath):
dpath.send_msg(msg)
# send all packet to controller
flow = offlow.flow_mod(
table_id=0,
priority=0,
match={},
actions=[
ofaction.output(ofp.OFPP_CONTROLLER),
],
writes=[],
)
ofctl.mod_flow_entry(dpath, flow, ofp.OFPFC_ADD)
def _buckets():
if not ofgroup.is_bucket_needed(dpath, cmd):
return []
actions = [ofaction.output(entry.port_id)]
if entry.vlan_vid == ofproto.OFPVID_NONE:
actions.insert(0, ofaction.pop_vlan())
return [dict(actions=actions)]
def _actions():
if not offlow.is_action_needed(dpath, cmd):
return []
return [ofaction.output(dpath.ofproto.OFPP_CONTROLLER)]
