Beispiel #1
0
 @Override
 public boolean setMaximumFlowMods(String sliceName, String dpid, String maxFlowMods)
     throws PermissionDeniedException {
   String user = APIUserCred.getUserName();
   if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
     throw new PermissionDeniedException(
         "User " + user + " does not have perms to set the flow mod limit for slice " + sliceName);
   Long dp = FlowSpaceUtil.parseDPID(dpid);
   int limit = Integer.parseInt(maxFlowMods);
   FVLog.log(
       LogLevel.DEBUG,
       null,
       "Setting flowmod limit for slice "
           + sliceName
           + " for dpid "
           + dpid
           + " to "
           + maxFlowMods);
   try {
     if (dp == FlowEntry.ALL_DPIDS) SliceImpl.getProxy().setMaxFlowMods(sliceName, limit);
     else SwitchImpl.getProxy().setMaxFlowMods(sliceName, dp, limit);
   } catch (ConfigError e) {
     return false;
   }
   return true;
 }
Beispiel #2
0
 @Override
 public String dumpConfig() throws PermissionDeniedException, FileNotFoundException {
   String user = APIUserCred.getUserName();
   if (!FVConfig.isSupervisor(user))
     throw new PermissionDeniedException(
         "User " + user + " cannot dump the configuration to file ");
   return FVConfig.getConfig();
 }
Beispiel #3
0
 protected Collection<FlowEntry> getFlowEntries() throws ConfigError {
   String sliceName = APIUserCred.getUserName();
   FVLog.log(LogLevel.DEBUG, null, "API listFlowSpace() by: " + sliceName);
   FlowMap flowMap;
   synchronized (FVConfig.class) {
     if (FVConfig.isSupervisor(sliceName)) flowMap = FVConfig.getFlowSpaceFlowMap();
     else flowMap = FlowSpaceUtil.getSliceFlowSpace(sliceName);
     return flowMap.getRules();
   }
 }
Beispiel #4
0
 @Override
 public Boolean setFlowTracking(String flowtracking) throws PermissionDeniedException {
   String user = APIUserCred.getUserName();
   if (!FVConfig.isSupervisor(user))
     throw new PermissionDeniedException(
         "User " + user + " does not have perms to enable or disable flow tracking");
   boolean track = Boolean.parseBoolean(flowtracking);
   FVLog.log(
       LogLevel.DEBUG, null, "Setting flow tracking to " + (track ? "enabled." : "disabled."));
   FlowvisorImpl.getProxy().settrack_flows(track);
   return true;
 }
Beispiel #5
0
  @Override
  public Boolean changeSlice(String sliceName, String key, String value)
      throws MalformedURLException, InvalidSliceName, PermissionDeniedException, InvalidUserInfoKey,
          DuplicateControllerException {
    String changerSlice = APIUserCred.getUserName();
    if (!APIAuth.transitivelyCreated(changerSlice, sliceName)
        && !FVConfig.isSupervisor(changerSlice))
      throw new PermissionDeniedException(
          "Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName);
    /**
     * this is the list of things a user is allowed to change about themselves. Critically, it
     * should not include "creator" string as this would allow security issues.
     */
    try {
      if (key.equals("contact_email")) FVConfig.setSliceContactEmail(sliceName, value);
      else if (key.equals("controller_hostname")) {
        // make sure there isn't already a slice with this hostname and port
        // that this slice uses
        if (isSecondSliceSharingController(sliceName, value, FVConfig.getSlicePort(sliceName))) {
          throw new DuplicateControllerException(
              value, FVConfig.getSlicePort(sliceName), sliceName, "changed");
        }
        FVConfig.setSliceHost(sliceName, value);
      } else if (key.equals("controller_port")) {
        // Make sure that there isn't already a slice on this port that uses
        // the same hostname that this slice uses
        if (isSecondSliceSharingController(
            sliceName, FVConfig.getSliceHost(sliceName), Integer.parseInt(value))) {
          throw new DuplicateControllerException(
              FVConfig.getSliceHost(sliceName), Integer.parseInt(value), sliceName, "changed");
        }

        FVConfig.setSlicePort(sliceName, Integer.valueOf(value));
      } else if (key.equals("drop_policy")) {
        // Set the drop policy when the controller is done,
        // either to an exact match of the packet in or to the
        // flow entry.
        FVConfig.setSliceDropPolicy(sliceName, value);
      } else
        throw new InvalidUserInfoKey(
            "invalid key: "
                + key
                + "-- only contact_email, drop_policy and "
                + "controller_{hostname,port} can be changed");
      FlowVisor.getInstance().checkPointConfig();
    } catch (ConfigError e) {
      // this should probably never happen b/c of above checks
      throw new InvalidUserInfoKey(e.toString());
    }

    return true;
  }
Beispiel #6
0
 public Integer getCurrentFlowMods(String sliceName, String dpid)
     throws PermissionDeniedException, SliceNotFound, DPIDNotFound {
   String user = APIUserCred.getUserName();
   if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
     throw new PermissionDeniedException(
         "User "
             + user
             + " does not have perms to get the current flow mod value for slice "
             + sliceName);
   Long dp = FlowSpaceUtil.parseDPID(dpid);
   if (dp == FlowEntry.ALL_DPIDS) return getSliceLimits().getSliceFMLimit(sliceName);
   else return lookupClassifier(dp).getCurrentFlowModCounter(sliceName);
 }
Beispiel #7
0
 @Override
 public Boolean getFlowTracking() throws PermissionDeniedException {
   String user = APIUserCred.getUserName();
   if (!FVConfig.isSupervisor(user))
     throw new PermissionDeniedException(
         "User " + user + " does not have perms to obtain flow tracking status");
   FVLog.log(LogLevel.DEBUG, null, "Getting flow tracking status");
   try {
     return FlowvisorImpl.getProxy().gettrack_flows();
   } catch (ConfigError e) {
     FVLog.log(LogLevel.ALERT, null, "Unable to get flow tracking status ", e.getMessage());
   }
   return null;
 }
Beispiel #8
0
  @Override
  public Boolean setFloodPerm(String floodPerm) throws PermissionDeniedException {
    String user = APIUserCred.getUserName();
    if (!FVConfig.isSupervisor(user))
      throw new PermissionDeniedException(
          "User "
              + user
              + " does not have perms to change the default flood perms to "
              + floodPerm);
    FVLog.log(LogLevel.DEBUG, null, "Setting default flood perm to " + floodPerm);

    FlowvisorImpl.getProxy().setFloodPerm(floodPerm);
    return true;
  }
Beispiel #9
0
 /**
  * Change the password for this slice
  *
  * <p>A slice is allowed to change its own password and the password of any slice that it has
  * (transitively) created
  *
  * @param sliceName
  * @param newPasswd
  */
 @Override
 public Boolean changePasswd(String sliceName, String newPasswd) throws PermissionDeniedException {
   String changerSlice = APIUserCred.getUserName();
   if (!APIAuth.transitivelyCreated(changerSlice, sliceName)
       && !FVConfig.isSupervisor(changerSlice))
     throw new PermissionDeniedException(
         "Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName);
   String salt = APIAuth.getSalt();
   String crypt = APIAuth.makeCrypt(salt, newPasswd);
   sliceName = FVConfig.sanitize(sliceName);
   // set passwd is synchronized
   FVConfig.setPasswd(sliceName, salt, crypt);
   FlowVisor.getInstance().checkPointConfig();
   return true;
 }
Beispiel #10
0
 @Override
 public Integer getMaximumFlowMods(String sliceName, String dpid)
     throws PermissionDeniedException {
   String user = APIUserCred.getUserName();
   if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
     throw new PermissionDeniedException(
         "User " + user + " does not have perms to get the flow mod limit for slice " + sliceName);
   Long dp = FlowSpaceUtil.parseDPID(dpid);
   try {
     if (dp == FlowEntry.ALL_DPIDS) return SliceImpl.getProxy().getMaxFlowMods(sliceName);
     else return SwitchImpl.getProxy().getMaxFlowMods(sliceName, dp);
   } catch (ConfigError e) {
     FVLog.log(LogLevel.DEBUG, null, "Unable to get flow mod limit; " + e.getMessage());
     return null;
   }
 }
Beispiel #11
0
  @Override
  public String getFloodPerm(String dpidStr) throws PermissionDeniedException {
    String user = APIUserCred.getUserName();
    if (!FVConfig.isSupervisor(user))
      throw new PermissionDeniedException(
          "User " + user + " does not have perms to obtain the flood perms of " + dpidStr);
    FVLog.log(LogLevel.DEBUG, null, "Setting flood perm for : ", dpidStr);
    long dpid = FlowSpaceUtil.parseDPID(dpidStr);
    try {
      return SwitchImpl.getProxy().getFloodPerm(dpid);

    } catch (ConfigError e) {
      FVLog.log(LogLevel.ALERT, null, "Unable to set floodperm", e.getMessage());
    }
    return null;
  }
Beispiel #12
0
  /**
   * Create a new slice (without flowspace)
   *
   * <p>Slices that contain the field separator are rewritten with underscores
   *
   * @param sliceName Cannot contain FVConfig.FS == '!'
   * @param passwd Cleartext! FIXME
   * @param controller_url Reference controller pseudo-url, e.g., tcp:hostname[:port]
   * @param slice_email As a contract for the slice
   * @return success
   * @throws InvalidSliceName
   * @throws PermissionDeniedException
   * @throws DuplicateControllerException
   */
  @Override
  public Boolean createSlice(
      String sliceName,
      String passwd,
      String controller_url,
      String drop_policy,
      String slice_email)
      throws MalformedControllerURL, InvalidSliceName, InvalidDropPolicy, PermissionDeniedException,
          DuplicateControllerException {
    // FIXME: make sure this user has perms to do this OP
    // for now, all slices can create other slices
    // FIXME: for now, only handle tcp, not ssl controller url
    String[] list = controller_url.split(":");
    if (!FVConfig.isSupervisor(APIUserCred.getUserName()))
      throw new PermissionDeniedException("only superusers can create new slices");
    if (list.length < 2)
      throw new MalformedControllerURL(
          "controller url needs to be of the form "
              + "proto:hostname[:port], e.g., tcp:yourhost.foo.com:6633, not: "
              + controller_url);
    if (!list[0].equals("tcp"))
      throw new MalformedControllerURL(
          "Flowvisor currently only supports 'tcp' proto, not: " + list[0]);
    int controller_port;
    if (list.length >= 3) controller_port = Integer.valueOf(list[2]);
    else controller_port = FVConfig.OFP_TCP_PORT;
    // createSlice is synchronized()

    if (drop_policy.equals("")) drop_policy = "exact";
    else if (!drop_policy.equals("exact") && !drop_policy.equals("rule"))
      throw new InvalidDropPolicy(
          "Flowvisor currently supports an 'exact'" + " or a 'rule' based drop policy");

    // We need to make sure this slice doesn't already exist
    List<String> slices = null;
    synchronized (FVConfig.class) {
      try {
        slices = FVConfig.getAllSlices();
      } catch (ConfigError e) {
        e.printStackTrace();
        throw new RuntimeException("no SLICES subdir found in config");
      }
      for (Iterator<String> sliceIter = slices.iterator(); sliceIter.hasNext(); ) {
        String existingSlice = sliceIter.next();
        if (sliceName.equals(existingSlice)) {
          throw new PermissionDeniedException("Cannot create slice with existing name.");
        }
      }
    }

    FVConfig.createSlice(
        sliceName,
        list[1],
        controller_port,
        drop_policy,
        passwd,
        slice_email,
        APIUserCred.getUserName());
    FlowVisor.getInstance().checkPointConfig();
    return true;
  }