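// createOfnetRule creates a directional ofnet rule from a model rule and
// installs it in the ofnet policy DB.
//
// The rule ID is built from the policy key, the rule key and dir, so one
// model rule yields a distinct ofnet rule per direction. When the rule names
// an endpoint group, the group is looked up through contivModel and its ID
// becomes the remote group of the ofnet rule; otherwise the remote group is
// left at 0. dir selects which side (src or dst) receives the policy's own
// group, the rule's IP address and the rule's port, and must be one of
// "inRx", "inTx", "outRx" or "outTx".
//
// Returns the installed rule, or an error when the endpoint group does not
// exist, the protocol or port is not representable, dir is unknown, or
// ofnetMaster.AddRule fails. Malformed protocol or port values are rejected
// instead of being installed as 0 (match-any) or truncated, so a bad rule
// cannot silently become broader than intended.
func (gp *EpgPolicy) createOfnetRule(rule *contivModel.Rule, dir string) (*ofnet.OfnetPolicyRule, error) {
	ruleID := gp.EpgPolicyKey + ":" + rule.Key + ":" + dir

	// Create an ofnet rule
	ofnetRule := new(ofnet.OfnetPolicyRule)
	ofnetRule.RuleId = ruleID
	ofnetRule.Priority = rule.Priority
	ofnetRule.Action = rule.Action

	remoteEpgID := 0
	// See if user specified an endpoint Group in the rule
	if rule.EndpointGroup != "" {
		epgKey := rule.TenantName + ":" + rule.EndpointGroup

		// find the endpoint group
		epg := contivModel.FindEndpointGroup(epgKey)
		if epg == nil {
			log.Errorf("Error finding endpoint group %s", epgKey)
			return nil, core.Errorf("endpoint group not found")
		}

		remoteEpgID = epg.EndpointGroupID
	}

	// Set protocol. Named protocols map to their IANA numbers; anything else
	// must be a numeric protocol in 0-255.
	switch rule.Protocol {
	case "tcp":
		ofnetRule.IpProtocol = 6
	case "udp":
		ofnetRule.IpProtocol = 17
	case "icmp":
		ofnetRule.IpProtocol = 1
	case "igmp":
		ofnetRule.IpProtocol = 2
	case "":
		ofnetRule.IpProtocol = 0
	default:
		// Reject unparsable and out-of-range values: a parse failure used to
		// leave IpProtocol at 0 (any protocol) and a negative value wrapped
		// through the uint8 conversion, either of which installs a wider
		// match than the rule asked for.
		proto, err := strconv.Atoi(rule.Protocol)
		if err != nil || proto < 0 || proto > 255 {
			log.Errorf("Invalid protocol %q in rule %s", rule.Protocol, ruleID)
			return nil, core.Errorf("invalid protocol")
		}
		ofnetRule.IpProtocol = uint8(proto)
	}

	// Validate the port before narrowing it to uint16; a value outside
	// 0-65535 would otherwise be truncated and match an unrelated port.
	port := int(rule.Port)
	if port < 0 || port > 65535 {
		log.Errorf("Invalid port %d in rule %s", port, ruleID)
		return nil, core.Errorf("invalid port")
	}

	// A TCP rule with no port is narrowed to SYN-only (syn,!ack) packets in
	// the inRx and outTx directions, as in the original implementation.
	tcpFlags := ""
	if rule.Protocol == "tcp" && port == 0 {
		tcpFlags = "syn,!ack"
	}

	// Set directional parameters. "Rx" directions put the policy's own group
	// on the destination side and the rule's address on the source side;
	// "Tx" directions mirror that. The port side differs per direction.
	switch dir {
	case "inRx":
		ofnetRule.DstEndpointGroup = gp.EndpointGroupID
		ofnetRule.SrcEndpointGroup = remoteEpgID
		ofnetRule.SrcIpAddr = rule.IpAddress
		ofnetRule.DstPort = uint16(port)
		ofnetRule.TcpFlags = tcpFlags
	case "inTx":
		ofnetRule.SrcEndpointGroup = gp.EndpointGroupID
		ofnetRule.DstEndpointGroup = remoteEpgID
		ofnetRule.DstIpAddr = rule.IpAddress
		ofnetRule.SrcPort = uint16(port)
	case "outRx":
		ofnetRule.DstEndpointGroup = gp.EndpointGroupID
		ofnetRule.SrcEndpointGroup = remoteEpgID
		ofnetRule.SrcIpAddr = rule.IpAddress
		ofnetRule.SrcPort = uint16(port)
	case "outTx":
		ofnetRule.SrcEndpointGroup = gp.EndpointGroupID
		ofnetRule.DstEndpointGroup = remoteEpgID
		ofnetRule.DstIpAddr = rule.IpAddress
		ofnetRule.DstPort = uint16(port)
		ofnetRule.TcpFlags = tcpFlags
	default:
		// Report the bad direction to the caller instead of log.Fatalf, which
		// terminated the whole process on a programming error in one caller.
		log.Errorf("Unknown rule direction %s", dir)
		return nil, core.Errorf("unknown rule direction")
	}

	// Add the Rule to policyDB
	err := ofnetMaster.AddRule(ofnetRule)
	if err != nil {
		log.Errorf("Error creating rule {%+v}. Err: %v", ofnetRule, err)
		return nil, err
	}

	log.Infof("Added rule {%+v} to policyDB", ofnetRule)

	return ofnetRule, nil
}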
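// createOfnetRule creates a directional ofnet rule from a model rule and
// installs it in the ofnet policy DB.
//
// The rule ID is built from the policy key, the rule key and dir, so one
// model rule yields a distinct ofnet rule per direction. The remote side of
// the rule is resolved in this order: FromEndpointGroup, ToEndpointGroup
// (both via GetEndpointGroupID), then FromNetwork or ToNetwork (via
// contivModel.FindNetwork, whose subnet is written into the rule's
// From/ToIpAddress). dir selects which side (src or dst) receives the
// policy's own group, the rule's address and port, and must be one of
// "inRx", "inTx", "outRx" or "outTx".
//
// Returns the installed rule, or an error when an endpoint group or network
// cannot be resolved, the protocol or port is not representable, dir is
// unknown, or ofnetMaster.AddRule fails. A failed endpoint-group lookup is
// now an error rather than a logged warning: continuing with a remote group
// of 0 installed a rule that was no longer scoped to the requested group.
func (gp *EpgPolicy) createOfnetRule(rule *contivModel.Rule, dir string) (*ofnet.OfnetPolicyRule, error) {
	var remoteEpgID int
	var err error

	ruleID := gp.EpgPolicyKey + ":" + rule.Key + ":" + dir

	// Create an ofnet rule
	ofnetRule := new(ofnet.OfnetPolicyRule)
	ofnetRule.RuleId = ruleID
	ofnetRule.Priority = rule.Priority
	ofnetRule.Action = rule.Action

	// See if user specified an endpoint Group in the rule
	if rule.FromEndpointGroup != "" {
		remoteEpgID, err = GetEndpointGroupID(stateStore, rule.FromEndpointGroup, rule.TenantName)
		if err != nil {
			log.Errorf("Error finding endpoint group %s/%s/%s. Err: %v",
				rule.FromEndpointGroup, rule.FromNetwork, rule.TenantName, err)
			return nil, err
		}
	} else if rule.ToEndpointGroup != "" {
		remoteEpgID, err = GetEndpointGroupID(stateStore, rule.ToEndpointGroup, rule.TenantName)
		if err != nil {
			log.Errorf("Error finding endpoint group %s/%s/%s. Err: %v",
				rule.ToEndpointGroup, rule.ToNetwork, rule.TenantName, err)
			return nil, err
		}
	} else if rule.FromNetwork != "" {
		netKey := rule.TenantName + ":" + rule.FromNetwork

		net := contivModel.FindNetwork(netKey)
		if net == nil {
			log.Errorf("Network %s not found", netKey)
			return nil, errors.New("FromNetwork not found")
		}

		// NOTE(review): this writes the resolved subnet back into the caller's
		// rule, as the original did; callers that persist the rule afterwards
		// may rely on it, so it is kept rather than moved to a local.
		rule.FromIpAddress = net.Subnet
	} else if rule.ToNetwork != "" {
		netKey := rule.TenantName + ":" + rule.ToNetwork

		net := contivModel.FindNetwork(netKey)
		if net == nil {
			log.Errorf("Network %s not found", netKey)
			return nil, errors.New("ToNetwork not found")
		}

		// NOTE(review): same caller-visible write-back as for FromNetwork.
		rule.ToIpAddress = net.Subnet
	}

	// Set protocol. Named protocols map to their IANA numbers; anything else
	// must be a numeric protocol in 0-255.
	switch rule.Protocol {
	case "tcp":
		ofnetRule.IpProtocol = 6
	case "udp":
		ofnetRule.IpProtocol = 17
	case "icmp":
		ofnetRule.IpProtocol = 1
	case "igmp":
		ofnetRule.IpProtocol = 2
	case "":
		ofnetRule.IpProtocol = 0
	default:
		// Reject unparsable and out-of-range values: a parse failure used to
		// leave IpProtocol at 0 (any protocol) and a negative value wrapped
		// through the uint8 conversion, either of which installs a wider
		// match than the rule asked for. The if-scoped perr avoids shadowing
		// the function-level err.
		if proto, perr := strconv.Atoi(rule.Protocol); perr != nil || proto < 0 || proto > 255 {
			log.Errorf("Invalid protocol %q in rule %s", rule.Protocol, ruleID)
			return nil, errors.New("invalid protocol")
		} else {
			ofnetRule.IpProtocol = uint8(proto)
		}
	}

	// Validate the port before narrowing it to uint16; a value outside
	// 0-65535 would otherwise be truncated and match an unrelated port.
	port := int(rule.Port)
	if port < 0 || port > 65535 {
		log.Errorf("Invalid port %d in rule %s", port, ruleID)
		return nil, errors.New("invalid port")
	}

	// A TCP rule with no port is narrowed to SYN-only (syn,!ack) packets in
	// the inRx and outTx directions, as in the original implementation.
	tcpFlags := ""
	if rule.Protocol == "tcp" && port == 0 {
		tcpFlags = "syn,!ack"
	}

	// Set directional parameters. "in" directions use FromIpAddress, "out"
	// directions use ToIpAddress; "Rx" puts the policy's own group on the
	// destination side and "Tx" on the source side. The port side differs
	// per direction.
	switch dir {
	case "inRx":
		ofnetRule.DstEndpointGroup = gp.EndpointGroupID
		ofnetRule.SrcEndpointGroup = remoteEpgID
		ofnetRule.SrcIpAddr = rule.FromIpAddress
		ofnetRule.DstPort = uint16(port)
		ofnetRule.TcpFlags = tcpFlags
	case "inTx":
		ofnetRule.SrcEndpointGroup = gp.EndpointGroupID
		ofnetRule.DstEndpointGroup = remoteEpgID
		ofnetRule.DstIpAddr = rule.FromIpAddress
		ofnetRule.SrcPort = uint16(port)
	case "outRx":
		ofnetRule.DstEndpointGroup = gp.EndpointGroupID
		ofnetRule.SrcEndpointGroup = remoteEpgID
		ofnetRule.SrcIpAddr = rule.ToIpAddress
		ofnetRule.SrcPort = uint16(port)
	case "outTx":
		ofnetRule.SrcEndpointGroup = gp.EndpointGroupID
		ofnetRule.DstEndpointGroup = remoteEpgID
		ofnetRule.DstIpAddr = rule.ToIpAddress
		ofnetRule.DstPort = uint16(port)
		ofnetRule.TcpFlags = tcpFlags
	default:
		// Report the bad direction to the caller instead of log.Fatalf, which
		// terminated the whole process on a programming error in one caller.
		log.Errorf("Unknown rule direction %s", dir)
		return nil, errors.New("unknown rule direction")
	}

	// Add the Rule to policyDB
	err = ofnetMaster.AddRule(ofnetRule)
	if err != nil {
		log.Errorf("Error creating rule {%+v}. Err: %v", ofnetRule, err)
		return nil, err
	}

	log.Infof("Added rule {%+v} to policyDB", ofnetRule)

	return ofnetRule, nil
}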