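// createOfnetRule renders one contiv model rule into a directional ofnet
// policy rule for this endpoint group policy and installs it in the ofnet
// policy DB via ofnetMaster.AddRule.
//
// dir selects which side of the match this policy's endpoint group takes:
// for "inRx" and "outRx" it is the destination group and the rule's address
// and port apply to the source side; for "inTx" and "outTx" it is the
// source group and the rule's address and port apply to the destination
// side. The rule ID is "<policy key>:<rule key>:<dir>".
//
// It returns an error when the referenced endpoint group does not exist,
// the protocol is not a known name or a number in 0..255, the port is not
// in 0..65535, dir is unknown, or ofnetMaster rejects the rule. An invalid
// protocol or direction used to be silently ignored (installing a rule that
// matched any protocol) or to terminate the process; both now fail closed.
func (gp *EpgPolicy) createOfnetRule(rule *contivModel.Rule, dir string) (*ofnet.OfnetPolicyRule, error) {
	ruleID := gp.EpgPolicyKey + ":" + rule.Key + ":" + dir

	ofnetRule := new(ofnet.OfnetPolicyRule)
	ofnetRule.RuleId = ruleID
	ofnetRule.Priority = rule.Priority
	ofnetRule.Action = rule.Action

	// remoteEpgID stays 0 when the rule names no endpoint group. What 0
	// means to ofnet (presumably "any group") is not visible here — confirm.
	remoteEpgID := 0
	if rule.EndpointGroup != "" {
		epgKey := rule.TenantName + ":" + rule.EndpointGroup
		epg := contivModel.FindEndpointGroup(epgKey)
		if epg == nil {
			log.Errorf("Error finding endpoint group %s", epgKey)
			return nil, core.Errorf("endpoint group not found")
		}
		remoteEpgID = epg.EndpointGroupID
	}

	// Resolve the IP protocol number. A numeric protocol is only accepted in
	// 0..255: casting a negative Atoi result to uint8 would wrap silently,
	// and an unparsable name would otherwise leave IpProtocol at 0 and match
	// every protocol, which is wider than the author asked for.
	switch rule.Protocol {
	case "tcp":
		ofnetRule.IpProtocol = 6
	case "udp":
		ofnetRule.IpProtocol = 17
	case "icmp":
		ofnetRule.IpProtocol = 1
	case "igmp":
		ofnetRule.IpProtocol = 2
	case "":
		ofnetRule.IpProtocol = 0
	default:
		proto, err := strconv.Atoi(rule.Protocol)
		if err != nil || proto < 0 || proto > 255 {
			log.Errorf("Invalid protocol %q in rule %s", rule.Protocol, ruleID)
			return nil, core.Errorf("invalid protocol %s", rule.Protocol)
		}
		ofnetRule.IpProtocol = uint8(proto)
	}

	// Reject ports the uint16 conversion below would truncate.
	if rule.Port < 0 || rule.Port > 65535 {
		log.Errorf("Invalid port %d in rule %s", rule.Port, ruleID)
		return nil, core.Errorf("invalid port %d", rule.Port)
	}
	port := uint16(rule.Port)

	// A TCP rule with no port is matched on the connection-opening segment
	// only (SYN without ACK) in the two directions that set DstPort.
	synOnly := rule.Protocol == "tcp" && rule.Port == 0

	switch dir {
	case "inRx":
		ofnetRule.DstEndpointGroup = gp.EndpointGroupID
		ofnetRule.SrcEndpointGroup = remoteEpgID
		ofnetRule.SrcIpAddr = rule.IpAddress
		ofnetRule.DstPort = port
		if synOnly {
			ofnetRule.TcpFlags = "syn,!ack"
		}
	case "inTx":
		ofnetRule.SrcEndpointGroup = gp.EndpointGroupID
		ofnetRule.DstEndpointGroup = remoteEpgID
		ofnetRule.DstIpAddr = rule.IpAddress
		ofnetRule.SrcPort = port
	case "outRx":
		ofnetRule.DstEndpointGroup = gp.EndpointGroupID
		ofnetRule.SrcEndpointGroup = remoteEpgID
		ofnetRule.SrcIpAddr = rule.IpAddress
		ofnetRule.SrcPort = port
	case "outTx":
		ofnetRule.SrcEndpointGroup = gp.EndpointGroupID
		ofnetRule.DstEndpointGroup = remoteEpgID
		ofnetRule.DstIpAddr = rule.IpAddress
		ofnetRule.DstPort = port
		if synOnly {
			ofnetRule.TcpFlags = "syn,!ack"
		}
	default:
		// A bad direction is a caller bug, but it is reported to the caller
		// rather than taking the whole agent down with log.Fatalf.
		log.Errorf("Unknown rule direction %s", dir)
		return nil, core.Errorf("unknown rule direction %s", dir)
	}

	if err := ofnetMaster.AddRule(ofnetRule); err != nil {
		log.Errorf("Error creating rule {%+v}. Err: %v", ofnetRule, err)
		return nil, err
	}
	log.Infof("Added rule {%+v} to policyDB", ofnetRule)

	return ofnetRule, nil
}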
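// createOfnetRule renders one contiv model rule into a directional ofnet
// policy rule for this endpoint group policy and installs it in the ofnet
// policy DB via ofnetMaster.AddRule.
//
// The remote side of the match is taken, in this order of precedence, from
// rule.FromEndpointGroup, rule.ToEndpointGroup, rule.FromNetwork or
// rule.ToNetwork; a network reference is resolved to its subnet and written
// into rule.FromIpAddress / rule.ToIpAddress (note: this mutates the caller's
// rule, as the code always has). dir selects which side this policy's
// endpoint group takes: for "inRx" and "outRx" it is the destination group
// and the From/To address and port apply to the source side; for "inTx" and
// "outTx" it is the source group and they apply to the destination side.
//
// It returns an error when a referenced endpoint group or network cannot be
// resolved, the protocol is not a known name or a number in 0..255, the port
// is not in 0..65535, dir is unknown, or ofnetMaster rejects the rule. A
// failed endpoint group lookup used to be logged and then continue with a
// remote group ID of 0; it now fails closed, because installing a rule
// scoped to group 0 (presumably "any group" — confirm with ofnet) is wider
// than the rule the author wrote.
func (gp *EpgPolicy) createOfnetRule(rule *contivModel.Rule, dir string) (*ofnet.OfnetPolicyRule, error) {
	var remoteEpgID int
	var err error

	ruleID := gp.EpgPolicyKey + ":" + rule.Key + ":" + dir

	ofnetRule := new(ofnet.OfnetPolicyRule)
	ofnetRule.RuleId = ruleID
	ofnetRule.Priority = rule.Priority
	ofnetRule.Action = rule.Action

	switch {
	case rule.FromEndpointGroup != "":
		remoteEpgID, err = GetEndpointGroupID(stateStore, rule.FromEndpointGroup, rule.TenantName)
		if err != nil {
			log.Errorf("Error finding endpoint group %s/%s/%s. Err: %v", rule.FromEndpointGroup, rule.FromNetwork, rule.TenantName, err)
			return nil, err
		}
	case rule.ToEndpointGroup != "":
		remoteEpgID, err = GetEndpointGroupID(stateStore, rule.ToEndpointGroup, rule.TenantName)
		if err != nil {
			log.Errorf("Error finding endpoint group %s/%s/%s. Err: %v", rule.ToEndpointGroup, rule.ToNetwork, rule.TenantName, err)
			return nil, err
		}
	case rule.FromNetwork != "":
		netKey := rule.TenantName + ":" + rule.FromNetwork
		net := contivModel.FindNetwork(netKey)
		if net == nil {
			log.Errorf("Network %s not found", netKey)
			return nil, errors.New("FromNetwork not found")
		}
		rule.FromIpAddress = net.Subnet
	case rule.ToNetwork != "":
		netKey := rule.TenantName + ":" + rule.ToNetwork
		net := contivModel.FindNetwork(netKey)
		if net == nil {
			log.Errorf("Network %s not found", netKey)
			return nil, errors.New("ToNetwork not found")
		}
		rule.ToIpAddress = net.Subnet
	}

	// Resolve the IP protocol number. A numeric protocol is only accepted in
	// 0..255: casting a negative Atoi result to uint8 would wrap silently,
	// and an unparsable name would otherwise leave IpProtocol at 0 and match
	// every protocol, which is wider than the author asked for. The parse
	// error gets its own name so it does not shadow err above.
	switch rule.Protocol {
	case "tcp":
		ofnetRule.IpProtocol = 6
	case "udp":
		ofnetRule.IpProtocol = 17
	case "icmp":
		ofnetRule.IpProtocol = 1
	case "igmp":
		ofnetRule.IpProtocol = 2
	case "":
		ofnetRule.IpProtocol = 0
	default:
		proto, perr := strconv.Atoi(rule.Protocol)
		if perr != nil || proto < 0 || proto > 255 {
			log.Errorf("Invalid protocol %q in rule %s", rule.Protocol, ruleID)
			return nil, errors.New("invalid protocol " + rule.Protocol)
		}
		ofnetRule.IpProtocol = uint8(proto)
	}

	// Reject ports the uint16 conversion below would truncate.
	if rule.Port < 0 || rule.Port > 65535 {
		log.Errorf("Invalid port %d in rule %s", rule.Port, ruleID)
		return nil, errors.New("invalid port " + strconv.Itoa(rule.Port))
	}
	port := uint16(rule.Port)

	// A TCP rule with no port is matched on the connection-opening segment
	// only (SYN without ACK) in the two directions that set DstPort.
	synOnly := rule.Protocol == "tcp" && rule.Port == 0

	switch dir {
	case "inRx":
		ofnetRule.DstEndpointGroup = gp.EndpointGroupID
		ofnetRule.SrcEndpointGroup = remoteEpgID
		ofnetRule.SrcIpAddr = rule.FromIpAddress
		ofnetRule.DstPort = port
		if synOnly {
			ofnetRule.TcpFlags = "syn,!ack"
		}
	case "inTx":
		ofnetRule.SrcEndpointGroup = gp.EndpointGroupID
		ofnetRule.DstEndpointGroup = remoteEpgID
		ofnetRule.DstIpAddr = rule.FromIpAddress
		ofnetRule.SrcPort = port
	case "outRx":
		ofnetRule.DstEndpointGroup = gp.EndpointGroupID
		ofnetRule.SrcEndpointGroup = remoteEpgID
		ofnetRule.SrcIpAddr = rule.ToIpAddress
		ofnetRule.SrcPort = port
	case "outTx":
		ofnetRule.SrcEndpointGroup = gp.EndpointGroupID
		ofnetRule.DstEndpointGroup = remoteEpgID
		ofnetRule.DstIpAddr = rule.ToIpAddress
		ofnetRule.DstPort = port
		if synOnly {
			ofnetRule.TcpFlags = "syn,!ack"
		}
	default:
		// A bad direction is a caller bug, but it is reported to the caller
		// rather than taking the whole agent down with log.Fatalf.
		log.Errorf("Unknown rule direction %s", dir)
		return nil, errors.New("unknown rule direction " + dir)
	}

	if err = ofnetMaster.AddRule(ofnetRule); err != nil {
		log.Errorf("Error creating rule {%+v}. Err: %v", ofnetRule, err)
		return nil, err
	}
	log.Infof("Added rule {%+v} to policyDB", ofnetRule)

	return ofnetRule, nil
}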