reduce safetap priority to 254 and have whitelist priority to 255, match both...

reduce safetap priority to 254 and have whitelist priority to 255, match both UDP and TCP to drop packets
parent a3a175c5
...@@ -894,7 +894,7 @@ class TapPolicyController(ControllerBase): ...@@ -894,7 +894,7 @@ class TapPolicyController(ControllerBase):
def mod_flow(self, dp, cookie=0, cookie_mask=0, table_id=0, def mod_flow(self, dp, cookie=0, cookie_mask=0, table_id=0,
command=None, idle_timeout=0, hard_timeout=0, command=None, idle_timeout=0, hard_timeout=0,
priority=0xff, buffer_id=0xffffffff, match=None, priority=0xfe, buffer_id=0xffffffff, match=None,
actions=None, inst_type=None, out_port=None, actions=None, inst_type=None, out_port=None,
out_group=None, flags=0, inst=None): out_group=None, flags=0, inst=None):
...@@ -1177,7 +1177,7 @@ def installPopVlanFlow(self, dpid, outport, vlanid): ...@@ -1177,7 +1177,7 @@ def installPopVlanFlow(self, dpid, outport, vlanid):
def mod_flow(dp, cookie=0, cookie_mask=0, table_id=0, def mod_flow(dp, cookie=0, cookie_mask=0, table_id=0,
command=None, idle_timeout=0, hard_timeout=0, command=None, idle_timeout=0, hard_timeout=0,
priority=0xff, buffer_id=0xffffffff, match=None, priority=0xfe, buffer_id=0xffffffff, match=None,
actions=None, inst_type=None, out_port=None, actions=None, inst_type=None, out_port=None,
out_group=None, flags=0, inst=None): out_group=None, flags=0, inst=None):
......
...@@ -99,9 +99,14 @@ class TopoNetController(ControllerBase): ...@@ -99,9 +99,14 @@ class TopoNetController(ControllerBase):
def whitelistEntry(self, req, **kwargs): def whitelistEntry(self, req, **kwargs):
print "whitelist traffic" print "whitelist traffic"
print "using dp id instead of tap id for now :(" print "using dp id instead of tap id for now :("
post_values = req.POST
dpid_pd = post_values['dpid'] try:
post_values = eval(req.body)
except SyntaxError:
LOG.info('invalid syntax %s', req.body)
return Response(status=400)
dpid_pd = post_values.get('dpid')
dpid = hex_to_int(dpid_pd) dpid = hex_to_int(dpid_pd)
dp = self.dpset.get(dpid) dp = self.dpset.get(dpid)
...@@ -114,20 +119,11 @@ class TopoNetController(ControllerBase): ...@@ -114,20 +119,11 @@ class TopoNetController(ControllerBase):
# we whitelist in IP space - as of now IPV4 # we whitelist in IP space - as of now IPV4
eth_type = ether.ETH_TYPE_IP eth_type = ether.ETH_TYPE_IP
ip_proto = inet.IPPROTO_TCP ip_proto = inet.IPPROTO_UDP
ipv4_src = post_values.get('ipv4_src',0) ipv4_src = post_values.get('ipv4_src',0)
ipv4_dst = post_values.get('ipv4_dst',0) ipv4_dst = post_values.get('ipv4_dst',0)
tcp_src = post_values.get('tcp_src', 0)
tcp_dst = post_values.get('tcp_dst', 0)
try: print "ip-src[%s] ip-dst[%s]" % (ipv4_src, ipv4_dst)
tcp_src = eval(tcp_src)
tcp_dst = eval(tcp_dst)
except SyntaxError:
return Response(status=400)
print "ip-src[%s][%d] ip-dst[%s][%d]" % (ipv4_src, tcp_src, ipv4_dst,
tcp_dst)
if ipv4_src is 0: if ipv4_src is 0:
print "invalid ipv4_src" print "invalid ipv4_src"
...@@ -135,41 +131,15 @@ class TopoNetController(ControllerBase): ...@@ -135,41 +131,15 @@ class TopoNetController(ControllerBase):
elif ipv4_dst is 0: elif ipv4_dst is 0:
print "invalid ipv4_dst" print "invalid ipv4_dst"
return Response(status=404) return Response(status=404)
elif tcp_src is 0:
print "invalid tcp_src"
return Response(status=404)
elif tcp_dst is 0:
print "invalid tcp_dst"
return Response(status=404)
match = ofp.OFPMatch(eth_type=eth_type, ip_proto=ip_proto, ipv4_src=ipv4_src, ipv4_dst=ipv4_dst, tcp_src=tcp_src, tcp_dst=tcp_dst)
'''
match = ofp.OFPMatch()
match.set_dl_type(eth_type)
match.set_ip_proto(ip_proto)
match.set_ipv4_src(self.ipv4_to_int(ipv4_src))
match.set_ipv4_dst(self.ipv4_to_int(ipv4_dst))
match.set_tcp_src(tcp_src)
match.set_tcp_dst(tcp_dst)
'''
stats = ofp.OFPFlowStatsRequest(dp, flags=0,
table_id=20,out_port=of.OFPP_ANY, out_group=of.OFPG_ANY,
cookie=0, cookie_mask=0, match=match)
msgs = []
ofctl_v1_3.send_stats_request(dp, stats, self.waiters, msgs)
priority_to_set =255 priority_to_set =255
match = ofp.OFPMatch(eth_type=eth_type, ip_proto=ip_proto, ipv4_src=ipv4_src, ipv4_dst=ipv4_dst)
flows = [] #set hardtime out to be 10s for now :)
for msg in msgs: mod_flow(dp, table_id=20, command=of.OFPFC_ADD, priority=priority_to_set, hard_timeout=10, match=match)
for stats in msg.body: ip_proto = inet.IPPROTO_TCP
if stats.priority > priority_to_set: match = ofp.OFPMatch(eth_type=eth_type, ip_proto=ip_proto, ipv4_src=ipv4_src, ipv4_dst=ipv4_dst)
print "updating priority from %d to %d" % (priority_to_set, stats.priority+1)
priority_to_set = stats.priority +1
#set hardtime out to be 10s for now :) #set hardtime out to be 10s for now :)
mod_flow(dp, table=20, priority=priority_to_set, hard_timeout=10, match=match) mod_flow(dp, table_id=20, command=of.OFPFC_ADD, priority=priority_to_set, hard_timeout=10, match=match)
return Response(status=200) return Response(status=200)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment