#!/usr/bin/env python3
# -*- encoding: utf-8 -*-
from ryu.base import app_manager
from ryu.lib import ofctl_v1_3
from ryu.lib.packet import ether_types
from ryu.lib.packet import ethernet
from ryu.ofproto import ofproto_v1_3
from ryu.controller.handler import set_ev_cls
from ryu.controller.handler import CONFIG_DISPATCHER, MAIN_DISPATCHER
from ryu.controller import ofp_event
from ryu.lib.packet import packet
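class SimpleSwitch13(app_manager.RyuApp):
    """OpenFlow 1.3 learning switch that runs each new flow past a firewall.

    For every packet-in the app learns the source MAC, picks an output port
    (or floods), and hands that proposed action to a per-datapath
    ``Firewall`` which returns the actions to apply and, optionally,
    whether the result may be cached in the switch's flow table.
    """

    OFP_VERSIONS = [ofproto_v1_3.OFP_VERSION]

    def __init__(self, *args, **kwargs):
        """Initialise the empty per-datapath MAC and firewall tables."""
        super().__init__(*args, **kwargs)
        # dpid -> {source MAC -> ingress port}, filled from packet-in events.
        self.mac_to_port = {}
        # dpid -> Firewall instance, created lazily on the first packet-in.
        self.firewalls = {}

    @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER)
    def switch_features_handler(self, ev):
        """Install the table-miss entry when a switch reports its features.

        Args:
            ev: switch-features event; ``ev.msg.datapath`` is the switch.
        """
        datapath = ev.msg.datapath
        ofproto = datapath.ofproto
        parser = datapath.ofproto_parser

        # install table-miss flow entry
        #
        # We specify NO BUFFER to max_len of the output action due to
        # OVS bug. At this moment, if we specify a lesser number, e.g.,
        # 128, OVS will send Packet-In with invalid buffer_id and
        # truncated packet data. In that case, we cannot output packets
        # correctly. The bug has been fixed in OVS v2.1.0.
        match = parser.OFPMatch()
        actions = [parser.OFPActionOutput(ofproto.OFPP_CONTROLLER,
                                          ofproto.OFPCML_NO_BUFFER)]
        self.add_flow(datapath, 0, match, actions)

    def add_flow(self, datapath, priority, match, actions, buffer_id=None,
                 idle_timeout=0, hard_timeout=0):
        """Build an apply-actions flow entry and send it to the switch.

        Args:
            datapath: switch the flow-mod is sent to.
            priority: priority of the new entry.
            match: ``OFPMatch`` selecting the traffic.
            actions: list of actions applied to matching packets.
            buffer_id: id of a packet buffered on the switch that the new
                entry should be applied to; ``None`` sends no buffer id.
            idle_timeout: idle expiry in seconds; 0 (the default) disables
                this timer.
            hard_timeout: absolute expiry in seconds; 0 (the default)
                disables this timer.
        """
        ofproto = datapath.ofproto
        parser = datapath.ofproto_parser

        inst = [parser.OFPInstructionActions(ofproto.OFPIT_APPLY_ACTIONS,
                                             actions)]
        flow_mod_args = {
            "datapath": datapath,
            "priority": priority,
            "match": match,
            "instructions": inst,
            "idle_timeout": idle_timeout,
            "hard_timeout": hard_timeout,
        }
        # Test against None, not truthiness: buffer id 0 is falsy but is not
        # the "no buffer" sentinel (the packet-in handler compares against
        # ofproto.OFP_NO_BUFFER and then skips its own packet-out). Dropping
        # id 0 here would leave that buffered packet undelivered.
        if buffer_id is not None:
            flow_mod_args["buffer_id"] = buffer_id
        datapath.send_msg(parser.OFPFlowMod(**flow_mod_args))

    @set_ev_cls(ofp_event.EventOFPPacketIn, MAIN_DISPATCHER)
    def _packet_in_handler(self, ev):
        """Learn, consult the firewall, then forward one packet-in.

        Args:
            ev: packet-in event; ``ev.msg`` carries the frame, the ingress
                port (``match['in_port']``) and the switch buffer id.
        """
        msg = ev.msg
        # If you hit this you might want to increase
        # the "miss_send_length" of your switch
        if msg.msg_len < msg.total_len:
            self.logger.debug("packet truncated: only %s of %s bytes",
                              msg.msg_len, msg.total_len)
        datapath = msg.datapath
        ofproto = datapath.ofproto
        parser = datapath.ofproto_parser
        in_port = msg.match['in_port']

        pkt = packet.Packet(msg.data)
        # The frame bytes come from whatever is attached to the switch, so
        # do not assume an ethernet header was parsed: indexing an empty
        # list would raise IndexError inside the event handler.
        eth_headers = pkt.get_protocols(ethernet.ethernet)
        if not eth_headers:
            self.logger.debug("packet in without a parsable ethernet header")
            return
        eth = eth_headers[0]

        if eth.ethertype == ether_types.ETH_TYPE_LLDP:
            # ignore lldp packet
            return
        dst = eth.dst
        src = eth.src

        dpid = datapath.id
        self.mac_to_port.setdefault(dpid, {})

        self.logger.info("packet in %s %s %s %s", dpid, src, dst, in_port)

        # learn a mac address to avoid FLOOD next time.
        # NOTE(review): src is taken from the frame as received, so the
        # mapping is unauthenticated; an entry is overwritten by the latest
        # packet-in and nothing here ages out or caps the table.
        self.mac_to_port[dpid][src] = in_port

        if dst in self.mac_to_port[dpid]:
            out_port = self.mac_to_port[dpid][dst]
        else:
            out_port = ofproto.OFPP_FLOOD

        actions = [parser.OFPActionOutput(out_port)]

        # run firewall on it
        # NOTE(review): Firewall is neither defined nor imported in this
        # file as shown; it has to be brought into scope or the first
        # packet-in raises NameError.
        if dpid not in self.firewalls:
            self.firewalls[dpid] = Firewall(datapath)
        verdict = list(self.firewalls[dpid].actions_for_new_flow(
            event=ev,
            message=msg,
            datapath=datapath,
            ofproto=ofproto,
            eth=eth,
            parser=parser,
            allow_action=actions,
        ))
        # The firewall yields the actions and, optionally, a second value
        # saying whether they may be cached; the appended True is the
        # default when only the actions are returned.
        actions, save_in_flow_table, *_ = [*verdict, True]

        # install a flow to avoid packet_in next time
        # NOTE(review): the cached match is only (in_port, eth_dst). Until
        # the entry expires (idle 30 s, hard 90 s) every frame matching it
        # is handled by the switch with these actions and is not shown to
        # the firewall again. Presumably the firewall returns a false
        # second value when its verdict depends on other fields -- confirm
        # against Firewall.actions_for_new_flow.
        if save_in_flow_table and out_port != ofproto.OFPP_FLOOD:
            match = parser.OFPMatch(in_port=in_port, eth_dst=dst)
            # verify if we have a valid buffer_id, if yes avoid to send both
            # flow_mod & packet_out
            if msg.buffer_id != ofproto.OFP_NO_BUFFER:
                self.add_flow(datapath, 1, match, actions, msg.buffer_id,
                              idle_timeout=30, hard_timeout=90)
                return
            self.add_flow(datapath, 1, match, actions,
                          idle_timeout=30, hard_timeout=90)

        # Unbuffered packets must carry their payload in the packet-out.
        data = None
        if msg.buffer_id == ofproto.OFP_NO_BUFFER:
            data = msg.data

        out = parser.OFPPacketOut(datapath=datapath, buffer_id=msg.buffer_id,
                                  in_port=in_port, actions=actions, data=data)
        datapath.send_msg(out)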