예제 #1
0
  /**
   * Converse of addRule. Since we know all the rules ever stored in this flowmap we simply retrieve
   * the rule using the id provided and remove each of its fields from the underlying structures.
   *
   * @param id - the id of the rule to remove
   * @throws FlowEntryNotFound - if this id is unknown. Could indicate that rule has already been
   *     removed.
   * @return
   */
  public void removeRule(int id) throws FlowEntryNotFound {
    ruleCount--;

    if (!rules.containsKey(id)) throw new FlowEntryNotFound(id);

    FlowEntry rule = rules.get(id);

    BitSet flowRuleSet = getFlowRuleSet(rule);

    remove(port, rule.getRuleMatch().getInputPort(), flowRuleSet);
    remove(dpids, rule.dpid, flowRuleSet);
    remove(vlan, (int) rule.getRuleMatch().getDataLayerVirtualLan(), flowRuleSet);
    remove(vlan, rule.getRuleMatch().getDataLayerVirtualLanPriorityCodePoint() << 16, flowRuleSet);
    remove(dl_type, rule.getRuleMatch().getDataLayerType(), flowRuleSet);

    remove(nw, (short) rule.getRuleMatch().getNetworkProtocol(), flowRuleSet);
    remove(nw, (short) (rule.getRuleMatch().getNetworkTypeOfService() << 8), flowRuleSet);

    remove(tp, (int) rule.getRuleMatch().getTransportSource(), flowRuleSet);
    remove(tp, rule.getRuleMatch().getTransportDestination() << 16, flowRuleSet);

    remove(dl_src, FVMatch.toLong(rule.getRuleMatch().getDataLayerSource()), flowRuleSet);
    remove(dl_dst, FVMatch.toLong(rule.getRuleMatch().getDataLayerDestination()), flowRuleSet);

    remove(prioSet, rule.getPriority(), flowRuleSet);

    vlan_ignore.clear(rule.getId());
    rules.remove(rule.getId());
    allRules.andNot(flowRuleSet);
  }
예제 #2
0
  /**
   * match is called when a switch sends a packet in to the controller. The goal is to find all flow
   * space rules which match the fields of the packet in.
   *
   * @param dpid - the datapath id of the switch which sent the packet in.
   * @param match - the packet in information
   * @return a list, sorted by priority, of flow space rules which match.
   */
  public List<FlowEntry> match(long dpid, FVMatch match) {
    BitSet set = new BitSet();
    LinkedList<FlowEntry> flowrules = new LinkedList<FlowEntry>();
    int wildcards = match.getWildcards();
    FVLog.log(LogLevel.DEBUG, null, "dpid: ", dpid, "match: ", match.toString());

    set.or(allRules);
    FVLog.log(LogLevel.DEBUG, null, "allRules: ", set.toString());

    try {

      testEmpty(set, dpids, dpid, FlowEntry.ALL_DPIDS, wildcards, 0);
      /*
       * Test every field and intersect the resulting bitset. If the bit
       * set is empty an exception is thrown to stop the search.
       */
      testEmpty(set, port, match.getInputPort(), ANY_IN_PORT, wildcards, FVMatch.OFPFW_IN_PORT);
      if (match.getDataLayerVirtualLan() != ANY_VLAN_ID) {
        testEmpty(
            set,
            vlan,
            (int) match.getDataLayerVirtualLan(),
            (int) ANY_VLAN_ID,
            wildcards,
            FVMatch.OFPFW_DL_VLAN);
        testEmpty(
            set,
            vlan,
            match.getDataLayerVirtualLanPriorityCodePoint() << 16,
            ANY_VLAN_PCP << 16,
            wildcards,
            FVMatch.OFPFW_DL_VLAN_PCP);
      } else {

        set.andNot(vlan_ignore);
      }

      testEmpty(
          set, dl_type, match.getDataLayerType(), ANY_ETHER, wildcards, FVMatch.OFPFW_DL_TYPE);

      testEmpty(
          set,
          nw,
          (short) match.getNetworkProtocol(),
          (short) ANY_NW_PROTO_TOS,
          wildcards,
          FVMatch.OFPFW_NW_PROTO);

      testEmpty(
          set,
          nw,
          (short) (match.getNetworkTypeOfService() << 8),
          (short) (ANY_NW_PROTO_TOS << 8),
          wildcards,
          FVMatch.OFPFW_NW_TOS);

      testEmpty(
          set, tp, (int) match.getTransportSource(), (int) ANY_TP, wildcards, FVMatch.OFPFW_TP_SRC);

      testEmpty(
          set,
          tp,
          match.getTransportDestination() << 16,
          ANY_TP << 16,
          wildcards,
          FVMatch.OFPFW_TP_DST);

      testEmpty(
          set,
          dl_src,
          FVMatch.toLong(match.getDataLayerSource()),
          ANY_MAC,
          wildcards,
          FVMatch.OFPFW_DL_SRC);

      testEmpty(
          set,
          dl_dst,
          FVMatch.toLong(match.getDataLayerDestination()),
          ANY_MAC,
          wildcards,
          FVMatch.OFPFW_DL_DST);

      for (int i = set.nextSetBit(0); i >= 0; i = set.nextSetBit(i + 1)) {
        FlowEntry fe = rules.get(i);
        FVMatch ruleMatch = fe.getRuleMatch();
        FlowIntersect inter;
        inter = new FlowIntersect(fe.clone());

        FVMatch interMatch = inter.getMatch();
        interMatch.setNetworkDestination(
            testIP(
                inter,
                FVMatch.OFPFW_NW_DST_SHIFT,
                match.getNetworkDestinationMaskLen(),
                ruleMatch.getNetworkDestinationMaskLen(),
                match.getNetworkDestination(),
                ruleMatch.getNetworkDestination()));
        if (inter.getMatchType() == MatchType.NONE) {
          set.clear(i);
          continue;
        }

        // test ip_src
        interMatch.setNetworkSource(
            testIP(
                inter,
                FVMatch.OFPFW_NW_SRC_SHIFT,
                match.getNetworkSourceMaskLen(),
                ruleMatch.getNetworkSourceMaskLen(),
                match.getNetworkSource(),
                ruleMatch.getNetworkSource()));
        if (inter.getMatchType() == MatchType.NONE) {
          set.clear(i);
          continue;
        }
      }

    } catch (NoMatch e) {
      FVLog.log(LogLevel.INFO, null, "No match for: ", match);
      return flowrules;
    }

    /*
     * If we got here we have a match. Now return a prioritized list of
     * matches.
     *
     * Higher numbers have higher priorities.
     */

    TreeSet<FlowEntry> entries = new TreeSet<FlowEntry>();
    for (int i = set.nextSetBit(0); i >= 0; i = set.nextSetBit(i + 1)) {
      entries.add(rules.get(i));
    }
    flowrules.addAll(entries);
    return flowrules;
  }
예제 #3
0
  /**
   * This is called when a controller issues a FlowMod. The goal here is to rewrite flowmods so that
   * they guarantee traffic isolation between slices. A flowmod is rewritten following these rules:
   *
   * <p>1. Its field is wildcarded, then for every potentially matching rule we rewrite the field
   * with the value in the rule.
   *
   * <p>2. Its field is specified, then leave it untouched, but use it for matching purposes.
   *
   * <p>3. We have a potential partial match: 3.1. The field and the flowrule field do not overlap,
   * return no match. 3.2. The fields overlap, return the smallest possible intersection of the two.
   *
   * <p>Currently rule 3 only applies to IP addresses, but this could change in the future.
   *
   * @param dpid - The dpid this flowmod is directed to, could be wildcarded.
   * @param match - The set of field modifications issued by this flowmod.
   * @return a list of intersections (ie. flowmod rewrites) created by the flowmod issued from the
   *     controller.
   */
  public List<FlowIntersect> intersect(long dpid, FVMatch match) {
    FVLog.log(LogLevel.DEBUG, null, "dpid: ", dpid, " match: ", match.toString());
    BitSet set = new BitSet();
    normalize(match);
    int wildcards = match.getWildcards();
    TreeSet<FlowIntersect> ret = new TreeSet<FlowIntersect>();
    HashMap<Integer, FlowIntersect> intersections = new HashMap<Integer, FlowIntersect>();
    HashMap<Integer, Pair<Boolean, BitSet>> rewrites =
        new HashMap<Integer, Pair<Boolean, BitSet>>();

    set.or(allRules);

    try {

      testEmpty(set, dpids, dpid, FlowEntry.ALL_DPIDS, wildcards, 0);

      rewrites.put(
          FVMatch.OFPFW_IN_PORT,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set, port, match.getInputPort(), ANY_IN_PORT, wildcards, FVMatch.OFPFW_IN_PORT),
              set));

      rewrites.put(
          FVMatch.OFPFW_DL_SRC,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set,
                  dl_src,
                  FVMatch.toLong(match.getDataLayerSource()),
                  ANY_MAC,
                  wildcards,
                  FVMatch.OFPFW_DL_SRC),
              set));

      rewrites.put(
          FVMatch.OFPFW_DL_DST,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set,
                  dl_dst,
                  FVMatch.toLong(match.getDataLayerDestination()),
                  ANY_MAC,
                  wildcards,
                  FVMatch.OFPFW_DL_DST),
              set));

      rewrites.put(
          FVMatch.OFPFW_DL_VLAN,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set,
                  vlan,
                  (int) match.getDataLayerVirtualLan(),
                  (int) ANY_VLAN_ID,
                  wildcards,
                  FVMatch.OFPFW_DL_VLAN),
              set));

      rewrites.put(
          FVMatch.OFPFW_DL_VLAN_PCP,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set,
                  vlan,
                  match.getDataLayerVirtualLanPriorityCodePoint() << 16,
                  ANY_VLAN_PCP << 16,
                  wildcards,
                  FVMatch.OFPFW_DL_VLAN_PCP),
              set));
      rewrites.put(
          FVMatch.OFPFW_DL_TYPE,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set,
                  dl_type,
                  match.getDataLayerType(),
                  ANY_ETHER,
                  wildcards,
                  FVMatch.OFPFW_DL_TYPE),
              set));

      rewrites.put(
          FVMatch.OFPFW_NW_PROTO,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set,
                  nw,
                  (short) match.getNetworkProtocol(),
                  (short) ANY_NW_PROTO_TOS,
                  wildcards,
                  FVMatch.OFPFW_NW_PROTO),
              set));

      rewrites.put(
          FVMatch.OFPFW_NW_TOS,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set,
                  nw,
                  (short) (match.getNetworkTypeOfService() << 8),
                  (short) (ANY_NW_PROTO_TOS << 8),
                  wildcards,
                  FVMatch.OFPFW_NW_TOS),
              set));

      rewrites.put(
          FVMatch.OFPFW_TP_SRC,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set,
                  tp,
                  (int) match.getTransportSource(),
                  (int) ANY_TP,
                  wildcards,
                  FVMatch.OFPFW_TP_SRC),
              set));

      rewrites.put(
          FVMatch.OFPFW_TP_DST,
          new Pair<Boolean, BitSet>(
              testEmpty(
                  set,
                  tp,
                  match.getTransportDestination() << 16,
                  ANY_TP << 16,
                  wildcards,
                  FVMatch.OFPFW_TP_DST),
              set));

      int field = 0;
      boolean rewrite = false;
      BitSet inters = null;
      FlowIntersect flow = null;
      FlowEntry rule = null;

      for (Entry<Integer, Pair<Boolean, BitSet>> entry : rewrites.entrySet()) {
        field = entry.getKey();
        rewrite = entry.getValue().getFirst();
        inters = entry.getValue().getSecond();
        FVLog.log(LogLevel.DEBUG, null, "Rule ids which intersect: ", inters.toString());
        for (int i = inters.nextSetBit(0); i >= 0; i = inters.nextSetBit(i + 1)) {
          rule = rules.get(i).clone();
          flow = getIntersect(rule, intersections);

          if (!rewrite) {
            rule.setRuleMatch(match);
            setField(flow, rule.getRuleMatch(), field);
          }

          FVMatch ruleMatch = rules.get(i).getRuleMatch();
          FlowIntersect inter = flow;
          FVMatch interMatch = inter.getMatch();
          interMatch.setNetworkDestination(
              testIP(
                  inter,
                  FVMatch.OFPFW_NW_DST_SHIFT,
                  match.getNetworkDestinationMaskLen(),
                  ruleMatch.getNetworkDestinationMaskLen(),
                  match.getNetworkDestination(),
                  ruleMatch.getNetworkDestination()));
          if (inter.getMatchType() == MatchType.NONE) continue;

          interMatch.setNetworkSource(
              testIP(
                  inter,
                  FVMatch.OFPFW_NW_SRC_SHIFT,
                  match.getNetworkSourceMaskLen(),
                  ruleMatch.getNetworkSourceMaskLen(),
                  match.getNetworkSource(),
                  ruleMatch.getNetworkSource()));
          if (inter.getMatchType() == MatchType.NONE) continue;
          intersections.put(flow.getFlowEntry().getId(), flow);
        }
      }

      /*
       * Need to resolve intersection by priority.
       *
       * In the worst case this will be O(n) where n is the number of
       * rules. But in average we will only have a small subset of the
       * rules. Right??
       */
      ret.addAll(intersections.values());
      FVLog.log(LogLevel.DEBUG, null, "Intersections: ", intersections);

    } catch (NoMatch e) {
      FVLog.log(LogLevel.FATAL, null, "Failed to intersect flow mod " + match);
      return new ArrayList<FlowIntersect>(ret);
    } catch (UnknownMatchField umf) {
      FVLog.log(LogLevel.FATAL, null, umf.getMessage());
    }

    return new ArrayList<FlowIntersect>(ret);
  }
예제 #4
0
  /**
   * Adds a rule to the flowmap. It does so by exploding the rule into its fields and storing each
   * field into its independent structure.
   *
   * @param rule - the rule which will be added to the flowmap
   * @return
   */
  public void addRule(FlowEntry rule) {
    ruleCount++;
    allRules.set(rule.getId());
    BitSet flowRuleSet = getFlowRuleSet(rule);

    add(dpids, rule.dpid, flowRuleSet);

    add(
        port,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_IN_PORT) != 0
            ? ANY_IN_PORT
            : rule.getRuleMatch().getInputPort(),
        flowRuleSet);

    short vid = rule.getRuleMatch().getDataLayerVirtualLan();
    int vpcp = rule.getRuleMatch().getDataLayerVirtualLanPriorityCodePoint();

    /*
     * Openflowj sets unspecified fields to zero.
     */
    if (vid != 0 || vpcp != 0) {
      vlan_ignore.set(rule.getId());
    }

    add(
        vlan,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_DL_VLAN) != 0
            ? (int) ANY_VLAN_ID
            : (int) rule.getRuleMatch().getDataLayerVirtualLan(),
        flowRuleSet);

    add(
        vlan,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_DL_VLAN_PCP) != 0
            ? ANY_VLAN_PCP << 16
            : rule.getRuleMatch().getDataLayerVirtualLanPriorityCodePoint() << 16,
        flowRuleSet);

    add(
        dl_type,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_DL_TYPE) != 0
            ? ANY_ETHER
            : rule.getRuleMatch().getDataLayerType(),
        flowRuleSet);

    add(
        nw,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_NW_PROTO) != 0
            ? ANY_NW_PROTO_TOS
            : (short) rule.getRuleMatch().getNetworkProtocol(),
        flowRuleSet);

    add(
        nw,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_NW_TOS) != 0
            ? (short) (ANY_NW_PROTO_TOS << 8)
            : (short) (rule.getRuleMatch().getNetworkTypeOfService() << 8),
        flowRuleSet);

    add(
        tp,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_TP_SRC) != 0
            ? ANY_TP
            : (int) rule.getRuleMatch().getTransportSource(),
        flowRuleSet);

    add(
        tp,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_TP_DST) != 0
            ? ANY_TP << 16
            : rule.getRuleMatch().getTransportDestination() << 16,
        flowRuleSet);

    add(
        dl_src,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_DL_SRC) != 0
            ? ANY_MAC
            : FVMatch.toLong(rule.getRuleMatch().getDataLayerSource()),
        flowRuleSet);
    add(
        dl_dst,
        (rule.getRuleMatch().getWildcards() & FVMatch.OFPFW_DL_DST) != 0
            ? ANY_MAC
            : FVMatch.toLong(rule.getRuleMatch().getDataLayerDestination()),
        flowRuleSet);

    add(prioSet, rule.getPriority(), flowRuleSet);
    FVLog.log(LogLevel.DEBUG, null, "prioSet:", prioSet);
    rules.put(rule.getId(), rule);
    getPrioSetRange();
  }