@Override
public boolean setMaximumFlowMods(String sliceName, String dpid, String maxFlowMods)
throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to set the flow mod limit for slice " + sliceName);
Long dp = FlowSpaceUtil.parseDPID(dpid);
int limit = Integer.parseInt(maxFlowMods);
FVLog.log(
LogLevel.DEBUG,
null,
"Setting flowmod limit for slice "
+ sliceName
+ " for dpid "
+ dpid
+ " to "
+ maxFlowMods);
try {
if (dp == FlowEntry.ALL_DPIDS) SliceImpl.getProxy().setMaxFlowMods(sliceName, limit);
else SwitchImpl.getProxy().setMaxFlowMods(sliceName, dp, limit);
} catch (ConfigError e) {
return false;
}
return true;
}
@Override
public String dumpConfig() throws PermissionDeniedException, FileNotFoundException {
String user = APIUserCred.getUserName();
if (!FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " cannot dump the configuration to file ");
return FVConfig.getConfig();
}
protected Collection<FlowEntry> getFlowEntries() throws ConfigError {
String sliceName = APIUserCred.getUserName();
FVLog.log(LogLevel.DEBUG, null, "API listFlowSpace() by: " + sliceName);
FlowMap flowMap;
synchronized (FVConfig.class) {
if (FVConfig.isSupervisor(sliceName)) flowMap = FVConfig.getFlowSpaceFlowMap();
else flowMap = FlowSpaceUtil.getSliceFlowSpace(sliceName);
return flowMap.getRules();
}
}
@Override
public Boolean setFlowTracking(String flowtracking) throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to enable or disable flow tracking");
boolean track = Boolean.parseBoolean(flowtracking);
FVLog.log(
LogLevel.DEBUG, null, "Setting flow tracking to " + (track ? "enabled." : "disabled."));
FlowvisorImpl.getProxy().settrack_flows(track);
return true;
}
@Override
public Boolean changeSlice(String sliceName, String key, String value)
throws MalformedURLException, InvalidSliceName, PermissionDeniedException, InvalidUserInfoKey,
DuplicateControllerException {
String changerSlice = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(changerSlice, sliceName)
&& !FVConfig.isSupervisor(changerSlice))
throw new PermissionDeniedException(
"Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName);
/**
* this is the list of things a user is allowed to change about themselves. Critically, it
* should not include "creator" string as this would allow security issues.
*/
try {
if (key.equals("contact_email")) FVConfig.setSliceContactEmail(sliceName, value);
else if (key.equals("controller_hostname")) {
// make sure there isn't already a slice with this hostname and port
// that this slice uses
if (isSecondSliceSharingController(sliceName, value, FVConfig.getSlicePort(sliceName))) {
throw new DuplicateControllerException(
value, FVConfig.getSlicePort(sliceName), sliceName, "changed");
}
FVConfig.setSliceHost(sliceName, value);
} else if (key.equals("controller_port")) {
// Make sure that there isn't already a slice on this port that uses
// the same hostname that this slice uses
if (isSecondSliceSharingController(
sliceName, FVConfig.getSliceHost(sliceName), Integer.parseInt(value))) {
throw new DuplicateControllerException(
FVConfig.getSliceHost(sliceName), Integer.parseInt(value), sliceName, "changed");
}
FVConfig.setSlicePort(sliceName, Integer.valueOf(value));
} else if (key.equals("drop_policy")) {
// Set the drop policy when the controller is done,
// either to an exact match of the packet in or to the
// flow entry.
FVConfig.setSliceDropPolicy(sliceName, value);
} else
throw new InvalidUserInfoKey(
"invalid key: "
+ key
+ "-- only contact_email, drop_policy and "
+ "controller_{hostname,port} can be changed");
FlowVisor.getInstance().checkPointConfig();
} catch (ConfigError e) {
// this should probably never happen b/c of above checks
throw new InvalidUserInfoKey(e.toString());
}
return true;
}
public Integer getCurrentFlowMods(String sliceName, String dpid)
throws PermissionDeniedException, SliceNotFound, DPIDNotFound {
String user = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User "
+ user
+ " does not have perms to get the current flow mod value for slice "
+ sliceName);
Long dp = FlowSpaceUtil.parseDPID(dpid);
if (dp == FlowEntry.ALL_DPIDS) return getSliceLimits().getSliceFMLimit(sliceName);
else return lookupClassifier(dp).getCurrentFlowModCounter(sliceName);
}
@Override
public Boolean getFlowTracking() throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to obtain flow tracking status");
FVLog.log(LogLevel.DEBUG, null, "Getting flow tracking status");
try {
return FlowvisorImpl.getProxy().gettrack_flows();
} catch (ConfigError e) {
FVLog.log(LogLevel.ALERT, null, "Unable to get flow tracking status ", e.getMessage());
}
return null;
}
@Override
public Boolean setFloodPerm(String floodPerm) throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User "
+ user
+ " does not have perms to change the default flood perms to "
+ floodPerm);
FVLog.log(LogLevel.DEBUG, null, "Setting default flood perm to " + floodPerm);
FlowvisorImpl.getProxy().setFloodPerm(floodPerm);
return true;
}
/**
* Change the password for this slice
*
* <p>A slice is allowed to change its own password and the password of any slice that it has
* (transitively) created
*
* @param sliceName
* @param newPasswd
*/
@Override
public Boolean changePasswd(String sliceName, String newPasswd) throws PermissionDeniedException {
String changerSlice = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(changerSlice, sliceName)
&& !FVConfig.isSupervisor(changerSlice))
throw new PermissionDeniedException(
"Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName);
String salt = APIAuth.getSalt();
String crypt = APIAuth.makeCrypt(salt, newPasswd);
sliceName = FVConfig.sanitize(sliceName);
// set passwd is synchronized
FVConfig.setPasswd(sliceName, salt, crypt);
FlowVisor.getInstance().checkPointConfig();
return true;
}
@Override
public Integer getMaximumFlowMods(String sliceName, String dpid)
throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to get the flow mod limit for slice " + sliceName);
Long dp = FlowSpaceUtil.parseDPID(dpid);
try {
if (dp == FlowEntry.ALL_DPIDS) return SliceImpl.getProxy().getMaxFlowMods(sliceName);
else return SwitchImpl.getProxy().getMaxFlowMods(sliceName, dp);
} catch (ConfigError e) {
FVLog.log(LogLevel.DEBUG, null, "Unable to get flow mod limit; " + e.getMessage());
return null;
}
}
@Override
public String getFloodPerm(String dpidStr) throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to obtain the flood perms of " + dpidStr);
FVLog.log(LogLevel.DEBUG, null, "Setting flood perm for : ", dpidStr);
long dpid = FlowSpaceUtil.parseDPID(dpidStr);
try {
return SwitchImpl.getProxy().getFloodPerm(dpid);
} catch (ConfigError e) {
FVLog.log(LogLevel.ALERT, null, "Unable to set floodperm", e.getMessage());
}
return null;
}
/**
* Create a new slice (without flowspace)
*
* <p>Slices that contain the field separator are rewritten with underscores
*
* @param sliceName Cannot contain FVConfig.FS == '!'
* @param passwd Cleartext! FIXME
* @param controller_url Reference controller pseudo-url, e.g., tcp:hostname[:port]
* @param slice_email As a contract for the slice
* @return success
* @throws InvalidSliceName
* @throws PermissionDeniedException
* @throws DuplicateControllerException
*/
@Override
public Boolean createSlice(
String sliceName,
String passwd,
String controller_url,
String drop_policy,
String slice_email)
throws MalformedControllerURL, InvalidSliceName, InvalidDropPolicy, PermissionDeniedException,
DuplicateControllerException {
// FIXME: make sure this user has perms to do this OP
// for now, all slices can create other slices
// FIXME: for now, only handle tcp, not ssl controller url
String[] list = controller_url.split(":");
if (!FVConfig.isSupervisor(APIUserCred.getUserName()))
throw new PermissionDeniedException("only superusers can create new slices");
if (list.length < 2)
throw new MalformedControllerURL(
"controller url needs to be of the form "
+ "proto:hostname[:port], e.g., tcp:yourhost.foo.com:6633, not: "
+ controller_url);
if (!list[0].equals("tcp"))
throw new MalformedControllerURL(
"Flowvisor currently only supports 'tcp' proto, not: " + list[0]);
int controller_port;
if (list.length >= 3) controller_port = Integer.valueOf(list[2]);
else controller_port = FVConfig.OFP_TCP_PORT;
// createSlice is synchronized()
if (drop_policy.equals("")) drop_policy = "exact";
else if (!drop_policy.equals("exact") && !drop_policy.equals("rule"))
throw new InvalidDropPolicy(
"Flowvisor currently supports an 'exact'" + " or a 'rule' based drop policy");
// We need to make sure this slice doesn't already exist
List<String> slices = null;
synchronized (FVConfig.class) {
try {
slices = FVConfig.getAllSlices();
} catch (ConfigError e) {
e.printStackTrace();
throw new RuntimeException("no SLICES subdir found in config");
}
for (Iterator<String> sliceIter = slices.iterator(); sliceIter.hasNext(); ) {
String existingSlice = sliceIter.next();
if (sliceName.equals(existingSlice)) {
throw new PermissionDeniedException("Cannot create slice with existing name.");
}
}
}
FVConfig.createSlice(
sliceName,
list[1],
controller_port,
drop_policy,
passwd,
slice_email,
APIUserCred.getUserName());
FlowVisor.getInstance().checkPointConfig();
return true;
}