def build_tunnel_ofmsgs(rule_conf, acl_table, priority, port_num=None, vlan_vid=None, flowdel=False): """Build a specific tunnel only ofmsgs""" ofmsgs = [] acl_inst = [] acl_match = [] acl_match_dict = {} _, output_actions, output_ofmsgs = build_output_actions( acl_table, rule_conf) ofmsgs.extend(output_ofmsgs) acl_inst.append(valve_of.apply_actions(output_actions)) if port_num is not None: acl_match_dict['in_port'] = port_num if vlan_vid is not None: acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid) acl_match = valve_of.match_from_dict(acl_match_dict) flowmod = acl_table.flowmod(acl_match, priority=priority, inst=acl_inst) if flowdel: ofmsgs.append( acl_table.flowdel(match=acl_match, priority=priority, strict=False)) ofmsgs.append(flowmod) return ofmsgs
def build_tunnel_ofmsgs(rule_conf, acl_table, priority, port_num=None, vlan_vid=None, flowdel=False, reverse=False): """Build a specific tunnel only ofmsgs""" ofmsgs = [] acl_inst = [] acl_match = [] acl_match_dict = {} _, output_actions, output_ofmsgs, output_inst = build_output_actions(acl_table, rule_conf) ofmsgs.extend(output_ofmsgs) acl_inst.extend(output_inst) acl_inst.append(valve_of.apply_actions(output_actions)) if port_num is not None: acl_match_dict['in_port'] = port_num if vlan_vid is not None: acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid) if reverse: acl_match_dict['vlan_pcp'] = valve_of.PCP_TUNNEL_REVERSE_DIRECTION_FLAG else: acl_match_dict['vlan_pcp'] = valve_of.PCP_TUNNEL_FLAG try: acl_match = valve_of.match_from_dict(acl_match_dict) except TypeError as type_error: raise InvalidConfigError('invalid match type in ACL') from type_error flowmod = acl_table.flowmod(acl_match, priority=priority, inst=tuple(acl_inst)) if flowdel: ofmsgs.append(acl_table.flowdel(match=acl_match, priority=priority, strict=False)) ofmsgs.append(flowmod) return ofmsgs
def add_mac_address_to_match(match, eth_src): """Add or change the value of a match type""" # NOTE: This function has been created to work around for # OFPMatch.set_dl_src() not storing persistent changes if not eth_src: return match dict_match = dict(match.items()) dict_match['eth_src'] = eth_src return valve_of.match_from_dict(dict_match)
def build_acl_entry(rule_conf, acl_allow_inst, meters, port_num=None, vlan_vid=None): acl_inst = [] acl_match_dict = {} acl_ofmsgs = [] acl_cookie = None for attrib, attrib_value in list(rule_conf.items()): if attrib == 'in_port': continue if attrib == 'cookie': acl_cookie = attrib_value continue if attrib == 'actions': allow = False allow_specified = False if 'allow' in attrib_value: allow_specified = True if attrib_value['allow'] == 1: allow = True if 'meter' in attrib_value: meter_name = attrib_value['meter'] acl_inst.append( valve_of.apply_meter(meters[meter_name].meter_id)) if 'mirror' in attrib_value: port_no = attrib_value['mirror'] acl_inst.append( valve_of.apply_actions([valve_of.output_port(port_no)])) if not allow_specified: allow = True if 'output' in attrib_value: output_port, output_actions, output_ofmsgs = build_output_actions( attrib_value['output']) acl_inst.append(valve_of.apply_actions(output_actions)) acl_ofmsgs.extend(output_ofmsgs) # if port specified, output packet now and exit pipeline. if output_port is not None: continue if allow: acl_inst.append(acl_allow_inst) else: acl_match_dict[attrib] = attrib_value if port_num is not None: acl_match_dict['in_port'] = port_num if vlan_vid is not None: acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid) try: acl_match = valve_of.match_from_dict(acl_match_dict) except TypeError: assert False, 'invalid type in ACL' return (acl_match, acl_inst, acl_cookie, acl_ofmsgs)
def build_acl_entry(rule_conf, acl_allow_inst, port_num=None, vlan_vid=None): acl_inst = [] match_dict = {} for attrib, attrib_value in list(rule_conf.items()): if attrib == 'in_port': continue if attrib == 'actions': allow = False allow_specified = False if 'allow' in attrib_value: allow_specified = True if attrib_value['allow'] == 1: allow = True if 'mirror' in attrib_value: port_no = attrib_value['mirror'] acl_inst.append( valve_of.apply_actions([valve_of.output_port(port_no)])) if not allow_specified: allow = True if 'output' in attrib_value: output_dict = attrib_value['output'] output_actions = [] output_port = None if 'port' in output_dict: output_port = output_dict['port'] # if destination rewriting selected, rewrite it. if 'dl_dst' in output_dict: output_actions.append( valve_of.set_eth_dst(output_dict['dl_dst'])) # rewrite any VLAN headers. vlan_actions = rewrite_vlan(output_dict) if vlan_actions: output_actions.extend(vlan_actions) # output to a port if specified. if output_port is not None: output_actions.append(valve_of.output_port(output_port)) acl_inst.append(valve_of.apply_actions(output_actions)) # if port specified, output packet now and exit pipeline. if output_port is not None: continue if allow: acl_inst.append(acl_allow_inst) else: match_dict[attrib] = attrib_value if port_num is not None: match_dict['in_port'] = port_num if vlan_vid is not None: match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid) acl_match = valve_of.match_from_dict(match_dict) return acl_match, acl_inst
def build_acl_entry( # pylint: disable=too-many-arguments,too-many-branches,too-many-statements acl_table, rule_conf, meters, acl_allow_inst, acl_force_port_vlan_inst, port_num=None, vlan_vid=None, tunnel_rules=None, source_id=None): """Build flow/groupmods for one ACL rule entry.""" acl_inst = [] acl_act = [] acl_match_dict = {} acl_ofmsgs = [] acl_cookie = None allow_inst = acl_allow_inst for attrib, attrib_value in rule_conf.items(): # if attrib == 'in_port': # continue if attrib == 'cookie': acl_cookie = attrib_value continue if attrib == 'description': continue if attrib == 'actions': allow = False allow_specified = False if 'allow' in attrib_value: allow_specified = True if attrib_value['allow'] == 1: allow = True if 'force_port_vlan' in attrib_value: if attrib_value['force_port_vlan'] == 1: allow_inst = acl_force_port_vlan_inst if 'meter' in attrib_value: meter_name = attrib_value['meter'] acl_inst.append(valve_of.apply_meter(meters[meter_name].meter_id)) if 'mirror' in attrib_value: port_no = attrib_value['mirror'] acl_act.append(valve_of.output_port(port_no)) if not allow_specified: allow = True if 'output' in attrib_value: output_port, output_actions, output_ofmsgs, output_inst = build_output_actions( acl_table, attrib_value['output'], tunnel_rules, source_id) acl_act.extend(output_actions) acl_ofmsgs.extend(output_ofmsgs) acl_inst.extend(output_inst) # if port specified, output packet now and exit pipeline. if not allow and output_port is not None: continue if 'ct' in attrib_value: ct_action = build_ct_actions(acl_table, attrib_value['ct']) acl_act.append(ct_action) if allow: acl_inst.extend(allow_inst) else: acl_match_dict[attrib] = attrib_value if port_num is not None: # This overwrites the `in_port` match if it is specified in the ACL config acl_match_dict['in_port'] = port_num if vlan_vid is not None: # This overwrites the `vlan_vid` match if it is specified in the ACL config acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid) try: acl_match = valve_of.match_from_dict(acl_match_dict) except TypeError as type_error: raise InvalidConfigError('invalid match type in ACL') from type_error if acl_act: acl_inst.append(valve_of.apply_actions(acl_act)) return (acl_match, acl_inst, acl_cookie, acl_ofmsgs)
def build_acl_entry(acl_table, rule_conf, meters, acl_allow_inst, acl_force_port_vlan_inst, port_num=None, vlan_vid=None): """Build flow/groupmods for one ACL rule entry.""" acl_inst = [] acl_act = [] acl_match_dict = {} acl_ofmsgs = [] acl_cookie = None allow_inst = acl_allow_inst for attrib, attrib_value in rule_conf.items(): if attrib == 'in_port': continue if attrib == 'cookie': acl_cookie = attrib_value continue if attrib == 'description': continue if attrib == 'actions': allow = False allow_specified = False if 'allow' in attrib_value: allow_specified = True if attrib_value['allow'] == 1: allow = True if 'force_port_vlan' in attrib_value: if attrib_value['force_port_vlan'] == 1: allow_inst = acl_force_port_vlan_inst if 'meter' in attrib_value: meter_name = attrib_value['meter'] acl_inst.append( valve_of.apply_meter(meters[meter_name].meter_id)) if 'mirror' in attrib_value: port_no = attrib_value['mirror'] acl_act.append(valve_of.output_port(port_no)) if not allow_specified: allow = True if 'output' in attrib_value: output_port, output_actions, output_ofmsgs = build_output_actions( acl_table, attrib_value['output']) acl_act.extend(output_actions) acl_ofmsgs.extend(output_ofmsgs) # if port specified, output packet now and exit pipeline. if not allow and output_port is not None: continue if allow: acl_inst.extend(allow_inst) else: acl_match_dict[attrib] = attrib_value if port_num is not None: acl_match_dict['in_port'] = port_num if vlan_vid is not None: acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid) try: acl_match = valve_of.match_from_dict(acl_match_dict) except TypeError: raise InvalidConfigError('invalid type in ACL') if acl_act: acl_inst.append(valve_of.apply_actions(acl_act)) return (acl_match, acl_inst, acl_cookie, acl_ofmsgs)
def build_acl_entry(acl_table, rule_conf, meters, acl_allow_inst, acl_force_port_vlan_inst, port_num=None, vlan_vid=None): """Build flow/groupmods for one ACL rule entry.""" acl_inst = [] acl_act = [] acl_match_dict = {} acl_ofmsgs = [] acl_cookie = None allow_inst = acl_allow_inst for attrib, attrib_value in rule_conf.items(): if attrib == 'in_port': continue if attrib == 'cookie': acl_cookie = attrib_value continue if attrib == 'description': continue if attrib == 'actions': allow = False allow_specified = False if 'allow' in attrib_value: allow_specified = True if attrib_value['allow'] == 1: allow = True if 'force_port_vlan' in attrib_value: if attrib_value['force_port_vlan'] == 1: allow_inst = acl_force_port_vlan_inst if 'meter' in attrib_value: meter_name = attrib_value['meter'] acl_inst.append(valve_of.apply_meter(meters[meter_name].meter_id)) if 'mirror' in attrib_value: port_no = attrib_value['mirror'] acl_act.append(valve_of.output_port(port_no)) if not allow_specified: allow = True if 'output' in attrib_value: output_port, output_actions, output_ofmsgs = build_output_actions( acl_table, attrib_value['output']) acl_act.extend(output_actions) acl_ofmsgs.extend(output_ofmsgs) # if port specified, output packet now and exit pipeline. if not allow and output_port is not None: continue if allow: acl_inst.extend(allow_inst) else: acl_match_dict[attrib] = attrib_value if port_num is not None: acl_match_dict['in_port'] = port_num if vlan_vid is not None: acl_match_dict['vlan_vid'] = valve_of.vid_present(vlan_vid) try: acl_match = valve_of.match_from_dict(acl_match_dict) except TypeError: raise InvalidConfigError('invalid type in ACL') if acl_act: acl_inst.append(valve_of.apply_actions(acl_act)) return (acl_match, acl_inst, acl_cookie, acl_ofmsgs)
def set_field(**kwds): """Return set field action.""" # raise exception if unknown set field. valve_of.match_from_dict(kwds) return valve_of.set_field(**kwds)