/*
* @return true if slice exists, otherwise false
* @param sliceName name of slice to check for existance
*/
public static boolean doesSliceExist(String sliceName) {
List<String> slices = new ArrayList<String>();
try {
slices = FVConfig.getAllSlices();
} catch (ConfigError e) {
e.printStackTrace();
}
return slices.contains(sliceName);
}
@Override
public Map<String, String> getSliceInfo(String sliceName)
throws PermissionDeniedException, SliceNotFound {
/*
* relaxed security -- anyone can read slice info for now String user =
* APIUserCred.getUserName(); if (!FVConfig.isSupervisor(user) &&
* !APIAuth.transitivelyCreated(user, sliceName)) throw new
* PermissionDeniedException(
* "not superuser or transitive slice creator");
*/
if (!(doesSliceExist(sliceName))) {
throw new SliceNotFound("Slice does not exist: " + sliceName);
}
HashMap<String, String> map = new HashMap<String, String>();
synchronized (FVConfig.class) {
try {
map.put("contact_email", FVConfig.getSliceEmail(sliceName));
map.put("controller_hostname", FVConfig.getSliceHost(sliceName));
map.put("controller_port", String.valueOf(FVConfig.getSlicePort(sliceName)));
map.put("creator", FVConfig.getSliceCreator(sliceName));
map.put("drop_policy", FVConfig.getSlicePolicy(sliceName));
} catch (ConfigError e) {
FVLog.log(LogLevel.CRIT, null, "malformed slice: " + e);
e.printStackTrace();
}
}
long dpid;
int connection = 1;
// TODO: come back an architect this so we can walk the list of slicers,
// not the list of classifiers, and then slicers
for (Iterator<FVEventHandler> it = FlowVisor.getInstance().getHandlersCopy().iterator();
it.hasNext(); ) {
FVEventHandler eventHandler = it.next();
if (eventHandler instanceof FVClassifier) {
FVClassifier classifier = (FVClassifier) eventHandler;
if (!classifier.isIdentified()) // only print switches have have
// been identified
continue;
dpid = classifier.getDPID();
FVSlicer fvSlicer = classifier.getSlicerByName(sliceName);
if (fvSlicer != null) {
map.put(
"connection_" + connection++,
FlowSpaceUtil.dpidToString(dpid) + "-->" + fvSlicer.getConnectionName());
}
}
}
return map;
}
@Override
public Boolean changeSlice(String sliceName, String key, String value)
throws MalformedURLException, InvalidSliceName, PermissionDeniedException, InvalidUserInfoKey,
DuplicateControllerException {
String changerSlice = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(changerSlice, sliceName)
&& !FVConfig.isSupervisor(changerSlice))
throw new PermissionDeniedException(
"Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName);
/**
* this is the list of things a user is allowed to change about themselves. Critically, it
* should not include "creator" string as this would allow security issues.
*/
try {
if (key.equals("contact_email")) FVConfig.setSliceContactEmail(sliceName, value);
else if (key.equals("controller_hostname")) {
// make sure there isn't already a slice with this hostname and port
// that this slice uses
if (isSecondSliceSharingController(sliceName, value, FVConfig.getSlicePort(sliceName))) {
throw new DuplicateControllerException(
value, FVConfig.getSlicePort(sliceName), sliceName, "changed");
}
FVConfig.setSliceHost(sliceName, value);
} else if (key.equals("controller_port")) {
// Make sure that there isn't already a slice on this port that uses
// the same hostname that this slice uses
if (isSecondSliceSharingController(
sliceName, FVConfig.getSliceHost(sliceName), Integer.parseInt(value))) {
throw new DuplicateControllerException(
FVConfig.getSliceHost(sliceName), Integer.parseInt(value), sliceName, "changed");
}
FVConfig.setSlicePort(sliceName, Integer.valueOf(value));
} else if (key.equals("drop_policy")) {
// Set the drop policy when the controller is done,
// either to an exact match of the packet in or to the
// flow entry.
FVConfig.setSliceDropPolicy(sliceName, value);
} else
throw new InvalidUserInfoKey(
"invalid key: "
+ key
+ "-- only contact_email, drop_policy and "
+ "controller_{hostname,port} can be changed");
FlowVisor.getInstance().checkPointConfig();
} catch (ConfigError e) {
// this should probably never happen b/c of above checks
throw new InvalidUserInfoKey(e.toString());
}
return true;
}
@Override
public Boolean getFlowTracking() throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to obtain flow tracking status");
FVLog.log(LogLevel.DEBUG, null, "Getting flow tracking status");
try {
return FlowvisorImpl.getProxy().gettrack_flows();
} catch (ConfigError e) {
FVLog.log(LogLevel.ALERT, null, "Unable to get flow tracking status ", e.getMessage());
}
return null;
}
@Override
public Integer getMaximumFlowMods(String sliceName, String dpid)
throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to get the flow mod limit for slice " + sliceName);
Long dp = FlowSpaceUtil.parseDPID(dpid);
try {
if (dp == FlowEntry.ALL_DPIDS) return SliceImpl.getProxy().getMaxFlowMods(sliceName);
else return SwitchImpl.getProxy().getMaxFlowMods(sliceName, dp);
} catch (ConfigError e) {
FVLog.log(LogLevel.DEBUG, null, "Unable to get flow mod limit; " + e.getMessage());
return null;
}
}
@Override
public String getFloodPerm(String dpidStr) throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to obtain the flood perms of " + dpidStr);
FVLog.log(LogLevel.DEBUG, null, "Setting flood perm for : ", dpidStr);
long dpid = FlowSpaceUtil.parseDPID(dpidStr);
try {
return SwitchImpl.getProxy().getFloodPerm(dpid);
} catch (ConfigError e) {
FVLog.log(LogLevel.ALERT, null, "Unable to set floodperm", e.getMessage());
}
return null;
}
@Override
public Collection<String> listSlices() throws PermissionDeniedException {
/*
* relaxed security; anyone can get a list of slices if
* (!FVConfig.isSupervisor(APIUserCred.getUserName())) throw new
* PermissionDeniedException( "listSlices only available to root");
*/
List<String> slices = null;
synchronized (FVConfig.class) {
try {
// this is synchronized
List<String> entries = FVConfig.getAllSlices();
slices = new LinkedList<String>(entries);
} catch (ConfigError e) {
e.printStackTrace();
throw new RuntimeException("wtf!?: no SLICES subdir found in config");
}
}
return slices;
}
/**
* Create a new slice (without flowspace)
*
* <p>Slices that contain the field separator are rewritten with underscores
*
* @param sliceName Cannot contain FVConfig.FS == '!'
* @param passwd Cleartext! FIXME
* @param controller_url Reference controller pseudo-url, e.g., tcp:hostname[:port]
* @param slice_email As a contract for the slice
* @return success
* @throws InvalidSliceName
* @throws PermissionDeniedException
* @throws DuplicateControllerException
*/
@Override
public Boolean createSlice(
String sliceName,
String passwd,
String controller_url,
String drop_policy,
String slice_email)
throws MalformedControllerURL, InvalidSliceName, InvalidDropPolicy, PermissionDeniedException,
DuplicateControllerException {
// FIXME: make sure this user has perms to do this OP
// for now, all slices can create other slices
// FIXME: for now, only handle tcp, not ssl controller url
String[] list = controller_url.split(":");
if (!FVConfig.isSupervisor(APIUserCred.getUserName()))
throw new PermissionDeniedException("only superusers can create new slices");
if (list.length < 2)
throw new MalformedControllerURL(
"controller url needs to be of the form "
+ "proto:hostname[:port], e.g., tcp:yourhost.foo.com:6633, not: "
+ controller_url);
if (!list[0].equals("tcp"))
throw new MalformedControllerURL(
"Flowvisor currently only supports 'tcp' proto, not: " + list[0]);
int controller_port;
if (list.length >= 3) controller_port = Integer.valueOf(list[2]);
else controller_port = FVConfig.OFP_TCP_PORT;
// createSlice is synchronized()
if (drop_policy.equals("")) drop_policy = "exact";
else if (!drop_policy.equals("exact") && !drop_policy.equals("rule"))
throw new InvalidDropPolicy(
"Flowvisor currently supports an 'exact'" + " or a 'rule' based drop policy");
// We need to make sure this slice doesn't already exist
List<String> slices = null;
synchronized (FVConfig.class) {
try {
slices = FVConfig.getAllSlices();
} catch (ConfigError e) {
e.printStackTrace();
throw new RuntimeException("no SLICES subdir found in config");
}
for (Iterator<String> sliceIter = slices.iterator(); sliceIter.hasNext(); ) {
String existingSlice = sliceIter.next();
if (sliceName.equals(existingSlice)) {
throw new PermissionDeniedException("Cannot create slice with existing name.");
}
}
}
FVConfig.createSlice(
sliceName,
list[1],
controller_port,
drop_policy,
passwd,
slice_email,
APIUserCred.getUserName());
FlowVisor.getInstance().checkPointConfig();
return true;
}