use of org.onlab.packet.IPv4.PROTOCOL_TCP in project onos by opennetworkinglab.
the class ReactiveForwarding method installRule.
/**
 * Installs a temporary forwarding rule that outputs traffic like the received packet to the
 * given port, then emits the packet itself.
 *
 * <p>ARP frames, and every frame when {@code packetOutOnly} is set, are only emitted; no rule is
 * installed for them. All selector fields are copied from the headers of the packet-in, so they
 * are values chosen by whoever sent the frame.
 *
 * <p>NOTE(review): with the fine-grained match options enabled, each distinct header combination
 * appears to produce its own temporary rule; confirm {@code flowTimeout} and the device table
 * capacity are sized for hosts that vary those fields.
 *
 * @param context    packet context of the packet-in being handled
 * @param portNumber port that the installed rule and the packet-out send to
 * @param macMetrics metrics object passed on to {@code packetOut} and {@code forwardPacket}
 */
private void installRule(PacketContext context, PortNumber portNumber, ReactiveForwardMetrics macMetrics) {
    // Buffer IDs are not (yet) supported by the Flow Service, so the frame is always sent with
    // an explicit packet-out.
    Ethernet frame = context.inPacket().parsed();
    TrafficSelector.Builder selector = DefaultTrafficSelector.builder();

    // Packet-out-only mode and ARP frames: forward directly to the output port, no flow rule.
    if (packetOutOnly || frame.getEtherType() == Ethernet.TYPE_ARP) {
        packetOut(context, portNumber, macMetrics);
        return;
    }

    if (matchDstMacOnly) {
        selector.matchEthDst(frame.getDestinationMAC());
    } else {
        selector.matchInPort(context.inPacket().receivedFrom().port())
                .matchEthSrc(frame.getSourceMAC())
                .matchEthDst(frame.getDestinationMAC());

        // Match the VLAN ID only when configured to and the frame is tagged.
        if (matchVlanId && frame.getVlanID() != Ethernet.VLAN_UNTAGGED) {
            selector.matchVlanId(VlanId.vlanId(frame.getVlanID()));
        }

        if (matchIpv4Address && frame.getEtherType() == Ethernet.TYPE_IPV4) {
            IPv4 ip4 = (IPv4) frame.getPayload();
            byte ip4Proto = ip4.getProtocol();
            Ip4Prefix srcHost = Ip4Prefix.valueOf(ip4.getSourceAddress(), Ip4Prefix.MAX_MASK_LENGTH);
            Ip4Prefix dstHost = Ip4Prefix.valueOf(ip4.getDestinationAddress(), Ip4Prefix.MAX_MASK_LENGTH);
            selector.matchEthType(Ethernet.TYPE_IPV4)
                    .matchIPSrc(srcHost)
                    .matchIPDst(dstHost);

            if (matchIpv4Dscp) {
                selector.matchIPDscp(ip4.getDscp()).matchIPEcn(ip4.getEcn());
            }

            // NOTE(review): the casts below trust the protocol byte to agree with the parsed
            // payload type; confirm the deserializer guarantees that for every frame.
            if (matchTcpUdpPorts) {
                if (ip4Proto == IPv4.PROTOCOL_TCP) {
                    TCP tcp = (TCP) ip4.getPayload();
                    selector.matchIPProtocol(ip4Proto)
                            .matchTcpSrc(TpPort.tpPort(tcp.getSourcePort()))
                            .matchTcpDst(TpPort.tpPort(tcp.getDestinationPort()));
                } else if (ip4Proto == IPv4.PROTOCOL_UDP) {
                    UDP udp = (UDP) ip4.getPayload();
                    selector.matchIPProtocol(ip4Proto)
                            .matchUdpSrc(TpPort.tpPort(udp.getSourcePort()))
                            .matchUdpDst(TpPort.tpPort(udp.getDestinationPort()));
                }
            }
            if (matchIcmpFields && ip4Proto == IPv4.PROTOCOL_ICMP) {
                ICMP icmp = (ICMP) ip4.getPayload();
                selector.matchIPProtocol(ip4Proto)
                        .matchIcmpType(icmp.getIcmpType())
                        .matchIcmpCode(icmp.getIcmpCode());
            }
        }

        if (matchIpv6Address && frame.getEtherType() == Ethernet.TYPE_IPV6) {
            IPv6 ip6 = (IPv6) frame.getPayload();
            byte nextHeader = ip6.getNextHeader();
            Ip6Prefix srcHost = Ip6Prefix.valueOf(ip6.getSourceAddress(), Ip6Prefix.MAX_MASK_LENGTH);
            Ip6Prefix dstHost = Ip6Prefix.valueOf(ip6.getDestinationAddress(), Ip6Prefix.MAX_MASK_LENGTH);
            selector.matchEthType(Ethernet.TYPE_IPV6)
                    .matchIPv6Src(srcHost)
                    .matchIPv6Dst(dstHost);

            if (matchIpv6FlowLabel) {
                selector.matchIPv6FlowLabel(ip6.getFlowLabel());
            }

            // NOTE(review): same assumption as for IPv4 — the next-header value is taken to
            // describe the type of the parsed payload; confirm.
            if (matchTcpUdpPorts) {
                if (nextHeader == IPv6.PROTOCOL_TCP) {
                    TCP tcp = (TCP) ip6.getPayload();
                    selector.matchIPProtocol(nextHeader)
                            .matchTcpSrc(TpPort.tpPort(tcp.getSourcePort()))
                            .matchTcpDst(TpPort.tpPort(tcp.getDestinationPort()));
                } else if (nextHeader == IPv6.PROTOCOL_UDP) {
                    UDP udp = (UDP) ip6.getPayload();
                    selector.matchIPProtocol(nextHeader)
                            .matchUdpSrc(TpPort.tpPort(udp.getSourcePort()))
                            .matchUdpDst(TpPort.tpPort(udp.getDestinationPort()));
                }
            }
            if (matchIcmpFields && nextHeader == IPv6.PROTOCOL_ICMP6) {
                ICMP6 icmp6 = (ICMP6) ip6.getPayload();
                selector.matchIPProtocol(nextHeader)
                        .matchIcmpv6Type(icmp6.getIcmpType())
                        .matchIcmpv6Code(icmp6.getIcmpCode());
            }
        }
    }

    // Either extend the treatment already attached to the context or start from an empty one.
    TrafficTreatment.Builder treatmentBuilder = inheritFlowTreatment
            ? context.treatmentBuilder()
            : DefaultTrafficTreatment.builder();
    TrafficTreatment treatment = treatmentBuilder.setOutput(portNumber).build();

    ForwardingObjective objective = DefaultForwardingObjective.builder()
            .withSelector(selector.build())
            .withTreatment(treatment)
            .withPriority(flowPriority)
            .withFlag(ForwardingObjective.Flag.VERSATILE)
            .fromApp(appId)
            .makeTemporary(flowTimeout)
            .add();
    flowObjectiveService.forward(context.inPacket().receivedFrom().deviceId(), objective);
    forwardPacket(macMetrics);

    // Send the triggering packet either through the flow table or straight to the output port.
    packetOut(context, packetOutOfppTable ? PortNumber.TABLE : portNumber, macMetrics);
}
use of org.onlab.packet.IPv4.PROTOCOL_TCP in project onos by opennetworkinglab.
the class OpenstackRoutingSnatHandler method packetOut.
/**
 * Rewrites a TCP or UDP packet for source NAT and emits it through the uplink port of the
 * OpenStack node that owns the source device.
 *
 * <p>The IPv4 source address becomes {@code externalIp}, the Ethernet source becomes
 * {@code DEFAULT_GATEWAY_MAC} and the Ethernet destination becomes the external peer router's
 * MAC. Packets carrying any other IPv4 protocol are logged at trace level and not sent.
 *
 * @param ethPacketIn        received Ethernet frame; it is modified in place
 * @param srcDevice          device the frame was received on
 * @param patPort            translated port handed to the TCP/UDP payload builders
 * @param externalIp         address written as the new IPv4 source
 * @param externalPeerRouter peer router supplying the destination MAC and optional VLAN
 * @throws IllegalStateException if no OpenStack node is known for {@code srcDevice}
 */
private void packetOut(Ethernet ethPacketIn, DeviceId srcDevice, int patPort, IpAddress externalIp, ExternalPeerRouter externalPeerRouter) {
    // NOTE(review): the cast assumes the caller has already established that the frame carries
    // IPv4 — confirm against the call site.
    IPv4 ipPacket = (IPv4) ethPacketIn.getPayload();
    byte protocol = ipPacket.getProtocol();

    if (protocol == IPv4.PROTOCOL_TCP) {
        ipPacket.setPayload(buildPacketOutTcp(ipPacket, patPort));
    } else if (protocol == IPv4.PROTOCOL_UDP) {
        ipPacket.setPayload(buildPacketOutUdp(ipPacket, patPort));
    } else {
        log.trace("Temporally, this method can process UDP and TCP protocol.");
        return;
    }

    // Rewrite the L3 source, then recompute the IPv4 checksum over the changed header.
    ipPacket.setSourceAddress(externalIp.toString());
    ipPacket.resetChecksum();
    ipPacket.setParent(ethPacketIn);

    // Re-address the frame towards the external peer router.
    ethPacketIn.setSourceMACAddress(DEFAULT_GATEWAY_MAC);
    ethPacketIn.setDestinationMACAddress(externalPeerRouter.macAddress());
    ethPacketIn.setPayload(ipPacket);

    VlanId peerVlan = externalPeerRouter.vlanId();
    if (!peerVlan.equals(VlanId.NONE)) {
        ethPacketIn.setVlanID(peerVlan.toShort());
    }
    ethPacketIn.resetChecksum();

    OpenstackNode sourceNode = osNodeService.node(srcDevice);
    if (sourceNode == null) {
        throw new IllegalStateException(String.format("Cannot find openstack node for %s", srcDevice));
    }

    TrafficTreatment uplinkTreatment = DefaultTrafficTreatment.builder()
            .setOutput(sourceNode.uplinkPortNum())
            .build();
    packetService.emit(new DefaultOutboundPacket(
            srcDevice, uplinkTreatment, ByteBuffer.wrap(ethPacketIn.serialize())));
}
use of org.onlab.packet.IPv4.PROTOCOL_TCP in project onos by opennetworkinglab.
the class OpenstackRoutingSnatHandler method setStatelessSnatUpstreamRules.
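/**
 * Installs the upstream stateless SNAT rule for the flow of the given packet-in on the
 * integration bridge of every complete gateway node.
 *
 * <p>The selector matches the packet's IPv4 protocol, source and destination addresses, the
 * tenant segment (tunnel ID or VLAN) and, for TCP/UDP, both transport ports. The treatment
 * rewrites the source IP to {@code externalIp}, the source port to {@code patPort}, and sends the
 * traffic towards the external peer router. All matched values come from the packet-in headers.
 *
 * @param segmentId          segment ID of the tenant network, parsed as a tunnel ID or VLAN ID
 * @param networkType        tenant network type; VXLAN, GRE, GENEVE and VLAN are handled
 * @param externalIp         address set as the translated source IP
 * @param externalPeerRouter peer router supplying the destination MAC and optional VLAN
 * @param patPort            translated source port
 * @param packetIn           packet-in whose headers define the flow
 * @throws IllegalStateException if {@code networkType} is not one of the handled types
 */
private void setStatelessSnatUpstreamRules(String segmentId, Type networkType, IpAddress externalIp, ExternalPeerRouter externalPeerRouter, TpPort patPort, InboundPacket packetIn) {
    // NOTE(review): the cast assumes the caller only passes IPv4 packet-ins — confirm.
    IPv4 iPacket = (IPv4) packetIn.parsed().getPayload();

    TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
            .matchEthType(Ethernet.TYPE_IPV4)
            .matchIPProtocol(iPacket.getProtocol())
            .matchIPSrc(IpPrefix.valueOf(iPacket.getSourceAddress(), VM_PREFIX))
            .matchIPDst(IpPrefix.valueOf(iPacket.getDestinationAddress(), VM_PREFIX));
    TrafficTreatment.Builder tBuilder = DefaultTrafficTreatment.builder();

    // Scope the rule to the tenant segment.
    switch (networkType) {
        case VXLAN:
        case GRE:
        case GENEVE:
            sBuilder.matchTunnelId(Long.parseLong(segmentId));
            break;
        case VLAN:
            sBuilder.matchVlanId(VlanId.vlanId(segmentId));
            tBuilder.popVlan();
            break;
        default:
            final String error = String.format("%s %s", ERR_UNSUPPORTED_NET_TYPE, networkType.toString());
            throw new IllegalStateException(error);
    }

    switch (iPacket.getProtocol()) {
        case IPv4.PROTOCOL_TCP:
            TCP tcpPacket = (TCP) iPacket.getPayload();
            sBuilder.matchTcpSrc(TpPort.tpPort(tcpPacket.getSourcePort()))
                    .matchTcpDst(TpPort.tpPort(tcpPacket.getDestinationPort()));
            tBuilder.setTcpSrc(patPort).setEthDst(externalPeerRouter.macAddress());
            break;
        case IPv4.PROTOCOL_UDP:
            UDP udpPacket = (UDP) iPacket.getPayload();
            sBuilder.matchUdpSrc(TpPort.tpPort(udpPacket.getSourcePort()))
                    .matchUdpDst(TpPort.tpPort(udpPacket.getDestinationPort()));
            tBuilder.setUdpSrc(patPort).setEthDst(externalPeerRouter.macAddress());
            break;
        default:
            // Pass the protocol number so the "{}" placeholder is actually filled in the log.
            log.debug("Unsupported IPv4 protocol {}", iPacket.getProtocol());
            // NOTE(review): execution continues and a rule is still installed below, with the
            // source IP rewritten but no port translation and no peer-router MAC set; confirm
            // that callers only pass TCP/UDP or that this is intended.
            break;
    }

    if (!externalPeerRouter.vlanId().equals(VlanId.NONE)) {
        tBuilder.pushVlan().setVlanId(externalPeerRouter.vlanId());
    }
    tBuilder.setIpSrc(externalIp);

    // One rule per gateway node, each outputting to that node's uplink port.
    osNodeService.completeNodes(GATEWAY).forEach(gNode -> {
        TrafficTreatment.Builder tmpBuilder = DefaultTrafficTreatment.builder(tBuilder.build());
        tmpBuilder.setOutput(gNode.uplinkPortNum());
        osFlowRuleService.setRule(appId, gNode.intgBridge(), sBuilder.build(), tmpBuilder.build(),
                PRIORITY_SNAT_RULE, GW_COMMON_TABLE, true);
    });
}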
use of org.onlab.packet.IPv4.PROTOCOL_TCP in project onos by opennetworkinglab.
the class OpenstackAddAclCommand method doExecute.
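/**
 * Installs a forced ACL rule that drops IPv4 traffic from the given source address to the given
 * destination address on the device hosting the destination instance port.
 *
 * <p>When either port option is non-zero the rule is narrowed to TCP and to the non-zero
 * port(s); when both are zero the rule drops all IPv4 traffic between the two addresses.
 * Nothing is installed if an address cannot be parsed or no instance port has the destination
 * address.
 */
@Override
protected void doExecute() {
    OpenstackFlowRuleService flowRuleService = get(OpenstackFlowRuleService.class);
    CoreService coreService = get(CoreService.class);
    ApplicationId appId = coreService.getAppId(OPENSTACK_NETWORKING_APP_ID);
    InstancePortService instancePortService = get(InstancePortService.class);

    IpAddress srcIpAddress;
    IpAddress dstIpAddress;
    try {
        srcIpAddress = IpAddress.valueOf(srcIpStr);
        dstIpAddress = IpAddress.valueOf(dstIpStr);
    } catch (IllegalArgumentException e) {
        // Fill the placeholder with the parser's message and keep the exception as the cause.
        log.error("IllegalArgumentException occurred because of {}", e.getMessage(), e);
        return;
    }

    // NOTE(review): the selector is fixed to the IPv4 ethertype, but nothing here rejects a
    // non-IPv4 address or an out-of-range port value; confirm the option parsing does.
    TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
            .matchEthType(Ethernet.TYPE_IPV4)
            .matchIPSrc(srcIpAddress.toIpPrefix())
            .matchIPDst(dstIpAddress.toIpPrefix());
    TrafficTreatment treatment = DefaultTrafficTreatment.builder().drop().build();

    if (srcPort != 0 || dstPort != 0) {
        sBuilder.matchIPProtocol(IPv4.PROTOCOL_TCP);
        if (srcPort != 0) {
            sBuilder.matchTcpSrc(TpPort.tpPort(srcPort));
        }
        if (dstPort != 0) {
            sBuilder.matchTcpDst(TpPort.tpPort(dstPort));
        }
    }

    Optional<InstancePort> instancePort = instancePortService.instancePorts().stream()
            .filter(port -> port.ipAddress().toString().equals(dstIpStr))
            .findAny();
    if (!instancePort.isPresent()) {
        // The placeholder now carries the address that was looked up.
        log.info("Instance port that matches with the given dst ip address isn't present {}", dstIpStr);
        return;
    }

    // Logged only once a rule is about to be installed, and with the source port labelled as
    // such, so the log line is an accurate record of the ACL change.
    log.info("Deny the packet from srcIp: {}, srcPort: {} to dstIp: {}, dstPort: {}",
            srcIpAddress, srcPort, dstIpAddress, dstPort);
    flowRuleService.setRule(appId, instancePort.get().deviceId(), sBuilder.build(), treatment,
            PRIORITY_FORCED_ACL_RULE, DHCP_TABLE, true);
}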
use of org.onlab.packet.IPv4.PROTOCOL_TCP in project onos by opennetworkinglab.
the class OpenstackRemoveAclCommand method doExecute.
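/**
 * Removes the forced ACL drop rule for IPv4 traffic from the given source address to the given
 * destination address on the device hosting the destination instance port.
 *
 * <p>The selector and treatment are rebuilt from the command options and passed to
 * {@code setRule} with its final argument {@code false}. When either port option is non-zero
 * the selector is narrowed to TCP and to the non-zero port(s). Nothing is changed if an address
 * cannot be parsed or no instance port has the destination address.
 */
@Override
protected void doExecute() {
    OpenstackFlowRuleService flowRuleService = get(OpenstackFlowRuleService.class);
    CoreService coreService = get(CoreService.class);
    ApplicationId appId = coreService.getAppId(OPENSTACK_NETWORKING_APP_ID);
    InstancePortService instancePortService = get(InstancePortService.class);

    IpAddress srcIpAddress;
    IpAddress dstIpAddress;
    try {
        srcIpAddress = IpAddress.valueOf(srcIpStr);
        dstIpAddress = IpAddress.valueOf(dstIpStr);
    } catch (IllegalArgumentException e) {
        // Fill the placeholder with the parser's message and keep the exception as the cause.
        log.error("IllegalArgumentException occurred because of {}", e.getMessage(), e);
        return;
    }

    // NOTE(review): the selector must equal the one used when the rule was added for the
    // removal to hit the same rule; confirm both commands are given identical options.
    TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
            .matchEthType(Ethernet.TYPE_IPV4)
            .matchIPSrc(srcIpAddress.toIpPrefix())
            .matchIPDst(dstIpAddress.toIpPrefix());
    TrafficTreatment treatment = DefaultTrafficTreatment.builder().drop().build();

    if (srcPort != 0 || dstPort != 0) {
        sBuilder.matchIPProtocol(IPv4.PROTOCOL_TCP);
        if (srcPort != 0) {
            sBuilder.matchTcpSrc(TpPort.tpPort(srcPort));
        }
        if (dstPort != 0) {
            sBuilder.matchTcpDst(TpPort.tpPort(dstPort));
        }
    }

    Optional<InstancePort> instancePort = instancePortService.instancePorts().stream()
            .filter(port -> port.ipAddress().toString().equals(dstIpStr))
            .findAny();
    if (!instancePort.isPresent()) {
        // The placeholder now carries the address that was looked up.
        log.info("Instance port that matches with the given dst ip address isn't present {}", dstIpStr);
        return;
    }

    // The message previously read "Deny the packet" and labelled the source port as dstPort;
    // it now describes the removal, and is logged only when a rule change is actually issued.
    log.info("Remove the deny rule for the packet from srcIp: {}, srcPort: {} to dstIp: {}, dstPort: {}",
            srcIpAddress, srcPort, dstIpAddress, dstPort);
    flowRuleService.setRule(appId, instancePort.get().deviceId(), sBuilder.build(), treatment,
            PRIORITY_FORCED_ACL_RULE, DHCP_TABLE, false);
}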