reduce safetap priority to 254 and have whitelist priority to 255, match both...

reduce safetap priority to 254 and have whitelist priority to 255, match both UDP and TCP to drop packets
parent a3a175c5
......@@ -894,7 +894,7 @@ class TapPolicyController(ControllerBase):
def mod_flow(self, dp, cookie=0, cookie_mask=0, table_id=0,
command=None, idle_timeout=0, hard_timeout=0,
priority=0xff, buffer_id=0xffffffff, match=None,
priority=0xfe, buffer_id=0xffffffff, match=None,
actions=None, inst_type=None, out_port=None,
out_group=None, flags=0, inst=None):
......@@ -1177,7 +1177,7 @@ def installPopVlanFlow(self, dpid, outport, vlanid):
def mod_flow(dp, cookie=0, cookie_mask=0, table_id=0,
command=None, idle_timeout=0, hard_timeout=0,
priority=0xff, buffer_id=0xffffffff, match=None,
priority=0xfe, buffer_id=0xffffffff, match=None,
actions=None, inst_type=None, out_port=None,
out_group=None, flags=0, inst=None):
......
......@@ -99,9 +99,14 @@ class TopoNetController(ControllerBase):
def whitelistEntry(self, req, **kwargs):
print "whitelist traffic"
print "using dp id instead of tap id for now :("
post_values = req.POST
dpid_pd = post_values['dpid']
try:
post_values = eval(req.body)
except SyntaxError:
LOG.info('invalid syntax %s', req.body)
return Response(status=400)
dpid_pd = post_values.get('dpid')
dpid = hex_to_int(dpid_pd)
dp = self.dpset.get(dpid)
......@@ -114,20 +119,11 @@ class TopoNetController(ControllerBase):
# we whitelist in IP space - as of now IPV4
eth_type = ether.ETH_TYPE_IP
ip_proto = inet.IPPROTO_TCP
ip_proto = inet.IPPROTO_UDP
ipv4_src = post_values.get('ipv4_src',0)
ipv4_dst = post_values.get('ipv4_dst',0)
tcp_src = post_values.get('tcp_src', 0)
tcp_dst = post_values.get('tcp_dst', 0)
try:
tcp_src = eval(tcp_src)
tcp_dst = eval(tcp_dst)
except SyntaxError:
return Response(status=400)
print "ip-src[%s][%d] ip-dst[%s][%d]" % (ipv4_src, tcp_src, ipv4_dst,
tcp_dst)
print "ip-src[%s] ip-dst[%s]" % (ipv4_src, ipv4_dst)
if ipv4_src is 0:
print "invalid ipv4_src"
......@@ -135,41 +131,15 @@ class TopoNetController(ControllerBase):
elif ipv4_dst is 0:
print "invalid ipv4_dst"
return Response(status=404)
elif tcp_src is 0:
print "invalid tcp_src"
return Response(status=404)
elif tcp_dst is 0:
print "invalid tcp_dst"
return Response(status=404)
match = ofp.OFPMatch(eth_type=eth_type, ip_proto=ip_proto, ipv4_src=ipv4_src, ipv4_dst=ipv4_dst, tcp_src=tcp_src, tcp_dst=tcp_dst)
'''
match = ofp.OFPMatch()
match.set_dl_type(eth_type)
match.set_ip_proto(ip_proto)
match.set_ipv4_src(self.ipv4_to_int(ipv4_src))
match.set_ipv4_dst(self.ipv4_to_int(ipv4_dst))
match.set_tcp_src(tcp_src)
match.set_tcp_dst(tcp_dst)
'''
stats = ofp.OFPFlowStatsRequest(dp, flags=0,
table_id=20,out_port=of.OFPP_ANY, out_group=of.OFPG_ANY,
cookie=0, cookie_mask=0, match=match)
msgs = []
ofctl_v1_3.send_stats_request(dp, stats, self.waiters, msgs)
priority_to_set =255
flows = []
for msg in msgs:
for stats in msg.body:
if stats.priority > priority_to_set:
print "updating priority from %d to %d" % (priority_to_set, stats.priority+1)
priority_to_set = stats.priority +1
match = ofp.OFPMatch(eth_type=eth_type, ip_proto=ip_proto, ipv4_src=ipv4_src, ipv4_dst=ipv4_dst)
#set hardtime out to be 10s for now :)
mod_flow(dp, table_id=20, command=of.OFPFC_ADD, priority=priority_to_set, hard_timeout=10, match=match)
ip_proto = inet.IPPROTO_TCP
match = ofp.OFPMatch(eth_type=eth_type, ip_proto=ip_proto, ipv4_src=ipv4_src, ipv4_dst=ipv4_dst)
#set hardtime out to be 10s for now :)
mod_flow(dp, table=20, priority=priority_to_set, hard_timeout=10, match=match)
mod_flow(dp, table_id=20, command=of.OFPFC_ADD, priority=priority_to_set, hard_timeout=10, match=match)
return Response(status=200)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment