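/**
 * Returns the source IPv4 address of the frame stored in the given context,
 * as a 32-bit integer.
 *
 * <p>For an IPv4 frame this is the IPv4 header's source address; for an ARP
 * frame it is the ARP sender protocol address. Both values are taken from the
 * received packet and are therefore sender-controlled.
 *
 * @param cntx policy context wrapping the Floodlight flow context
 * @return the source address as an int, or 0 when the context holds no frame,
 *         the frame is neither IPv4 nor ARP, or the decoded payload does not
 *         match the declared EtherType
 */
@Override
public int getSrcIP(FPContext cntx) {
    FloodlightContext flCntx = cntx.getFlowContext();
    Ethernet eth = IFloodlightProviderService.bcStore.get(flCntx,
            IFloodlightProviderService.CONTEXT_PI_PAYLOAD);
    if (eth == null) {
        // No packet-in payload was stored for this context.
        return 0;
    }

    // The EtherType field alone does not prove the payload was decoded as that
    // protocol (presumably a malformed frame can leave a raw payload behind;
    // confirm against the Ethernet decoder), so check the type before casting
    // instead of letting a ClassCastException escape.
    Object payload = eth.getPayload();
    if (eth.getEtherType() == EthType.IPv4 && payload instanceof IPv4) {
        return ((IPv4) payload).getSourceAddress().getInt();
    }
    if (eth.getEtherType() == EthType.ARP && payload instanceof ARP) {
        return ((ARP) payload).getSenderProtocolAddress().getInt();
    }

    // For other packets without source IP information.
    // NOTE(review): 0 is also the integer form of 0.0.0.0, so callers cannot
    // tell "no address" from that address; confirm policy code does not match on it.
    return 0;
}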
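/**
 * Returns the destination IPv4 address of the frame stored in the given
 * context, as a 32-bit integer.
 *
 * <p>For an IPv4 frame this is the IPv4 header's destination address; for an
 * ARP frame it is the ARP target protocol address. Both values are taken from
 * the received packet and are therefore sender-controlled.
 *
 * @param cntx policy context wrapping the Floodlight flow context
 * @return the destination address as an int, or 0 when the context holds no
 *         frame, the frame is neither IPv4 nor ARP, or the decoded payload
 *         does not match the declared EtherType
 */
@Override
public int getDstIP(FPContext cntx) {
    FloodlightContext flCntx = cntx.getFlowContext();
    Ethernet eth = IFloodlightProviderService.bcStore.get(flCntx,
            IFloodlightProviderService.CONTEXT_PI_PAYLOAD);
    if (eth == null) {
        // No packet-in payload was stored for this context.
        return 0;
    }

    // The EtherType field alone does not prove the payload was decoded as that
    // protocol (presumably a malformed frame can leave a raw payload behind;
    // confirm against the Ethernet decoder), so check the type before casting
    // instead of letting a ClassCastException escape.
    Object payload = eth.getPayload();
    if (eth.getEtherType() == EthType.IPv4 && payload instanceof IPv4) {
        return ((IPv4) payload).getDestinationAddress().getInt();
    }
    if (eth.getEtherType() == EthType.ARP && payload instanceof ARP) {
        return ((ARP) payload).getTargetProtocolAddress().getInt();
    }

    // For other packets without destination IP information.
    // NOTE(review): 0 is also the integer form of 0.0.0.0, so callers cannot
    // tell "no address" from that address; confirm policy code does not match on it.
    return 0;
}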
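/**
 * Returns the sender hardware address carried in the ARP payload of the frame
 * stored in the given context.
 *
 * <p>The value is read from the ARP body, not from the Ethernet header, so it
 * is whatever the sender chose to put there.
 *
 * @param cntx policy context wrapping the Floodlight flow context
 * @return the ARP sender MAC as a long, or 0 when the context holds no frame,
 *         the frame is not ARP, or the decoded payload is not an ARP packet
 */
@Override
public long getARPSenderMAC(FPContext cntx) {
    FloodlightContext flCntx = cntx.getFlowContext();
    Ethernet eth = IFloodlightProviderService.bcStore.get(flCntx,
            IFloodlightProviderService.CONTEXT_PI_PAYLOAD);
    if (eth == null) {
        // No packet-in payload was stored for this context.
        return 0;
    }

    // Check the decoded payload type as well as the EtherType: a frame that
    // declares ARP but was not decoded as ARP would otherwise fail the cast.
    Object payload = eth.getPayload();
    if (eth.getEtherType() == EthType.ARP && payload instanceof ARP) {
        return ((ARP) payload).getSenderHardwareAddress().getLong();
    }

    // For other non-ARP packets.
    return 0;
}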
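/**
 * Returns the target hardware address carried in the ARP payload of the frame
 * stored in the given context.
 *
 * <p>The value is read from the ARP body, not from the Ethernet header, so it
 * is whatever the sender chose to put there.
 *
 * @param cntx policy context wrapping the Floodlight flow context
 * @return the ARP target MAC as a long, or 0 when the context holds no frame,
 *         the frame is not ARP, or the decoded payload is not an ARP packet
 */
@Override
public long getARPTargetMAC(FPContext cntx) {
    FloodlightContext flCntx = cntx.getFlowContext();
    Ethernet eth = IFloodlightProviderService.bcStore.get(flCntx,
            IFloodlightProviderService.CONTEXT_PI_PAYLOAD);
    if (eth == null) {
        // No packet-in payload was stored for this context.
        return 0;
    }

    // Check the decoded payload type as well as the EtherType: a frame that
    // declares ARP but was not decoded as ARP would otherwise fail the cast.
    Object payload = eth.getPayload();
    if (eth.getEtherType() == EthType.ARP && payload instanceof ARP) {
        // Named targetMAC: the original local was called senderMAC by copy/paste.
        MacAddress targetMAC = ((ARP) payload).getTargetHardwareAddress();
        return targetMAC.getLong();
    }

    // For other non-ARP packets.
    return 0;
}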
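/**
 * Serializes this packet as a 4-byte magic ({@code BSN_MAGIC}), a 2-byte type,
 * a 2-byte version, and then the serialized payload, if any.
 *
 * <p>Side effects: the payload's parent is set to this packet, and when this
 * packet's parent is an {@link Ethernet} frame its EtherType is set to
 * {@code Ethernet.TYPE_BSN}.
 *
 * @return the serialized bytes (header only when there is no payload)
 */
@Override
public byte[] serialize() {
    // Use int for the running length. With a short, `length += payloadData.length`
    // narrows silently, so a payload longer than Short.MAX_VALUE - 8 bytes would
    // wrap to a negative or truncated array size.
    int length = 4 /* magic */ + 2 /* type */ + 2 /* version */;

    byte[] payloadData = null;
    if (this.payload != null) {
        payload.setParent(this);
        payloadData = payload.serialize();
        length += payloadData.length;
    }

    byte[] data = new byte[length];
    ByteBuffer bb = ByteBuffer.wrap(data);
    bb.putInt(BSN_MAGIC);
    bb.putShort(this.type);
    bb.putShort(this.version);
    if (payloadData != null) {
        bb.put(payloadData);
    }

    // instanceof is false for null, so no separate null check is needed.
    if (this.parent instanceof Ethernet) {
        ((Ethernet) this.parent).setEtherType(
                EthType.of(Ethernet.TYPE_BSN & 0xffff)); /* treat as unsigned */
    }

    return data;
}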
/**
 * Creates a rule that matches on anything.
 *
 * <p>Every match field is set to its wildcard/NONE constant and every
 * {@code any_*} flag is {@code true}; the action is
 * {@link FirewallAction#ALLOW}, and priority and rule id are both 0. A rule
 * left in this state therefore allows every packet it is evaluated against,
 * so callers are expected to narrow the fields or change the action before
 * installing it.
 */
public FirewallRule() {
    // Rule identity and verdict.
    this.ruleid = 0;
    this.priority = 0;
    this.action = FirewallAction.ALLOW;

    // Switch and ingress port.
    this.dpid = DatapathId.NONE;
    this.any_dpid = true;
    this.in_port = OFPort.ANY;
    this.any_in_port = true;

    // Layer 2.
    this.dl_src = MacAddress.NONE;
    this.any_dl_src = true;
    this.dl_dst = MacAddress.NONE;
    this.any_dl_dst = true;
    this.dl_type = EthType.NONE;
    this.any_dl_type = true;

    // Layer 3.
    this.nw_src_prefix_and_mask = IPv4AddressWithMask.NONE;
    this.any_nw_src = true;
    this.nw_dst_prefix_and_mask = IPv4AddressWithMask.NONE;
    this.any_nw_dst = true;
    this.nw_proto = IpProtocol.NONE;
    this.any_nw_proto = true;

    // Layer 4.
    this.tp_src = TransportPort.NONE;
    this.any_tp_src = true;
    this.tp_dst = TransportPort.NONE;
    this.any_tp_dst = true;
}
/**
 * Builds an OpenFlow 1.3 packet-in that wraps a small Ethernet/IPv4/UDP test frame.
 *
 * <p>The frame uses TTL 128, UDP source port 5000, destination port 5001 and a
 * one-byte payload ({@code 0x01}). The packet-in is unbuffered
 * ({@code NO_BUFFER}) with reason {@code NO_MATCH}; no other packet-in fields
 * are set here.
 *
 * @param srcMAC source MAC address of the Ethernet frame
 * @param dstMAC destination MAC address of the Ethernet frame
 * @param srcIp  source IPv4 address
 * @param dstIp  destination IPv4 address
 * @param vlan   VLAN id placed on the Ethernet frame
 * @return the built packet-in message
 */
private OFPacketIn createPacketIn(String srcMAC, String dstMAC, String srcIp, String dstIp, short vlan) {
    // Ethernet header first, then the layers from the innermost outwards.
    Ethernet l2Header = new Ethernet()
            .setDestinationMACAddress(dstMAC)
            .setSourceMACAddress(srcMAC)
            .setVlanID(vlan)
            .setEtherType(EthType.IPv4);

    IPacket datagram = new UDP()
            .setSourcePort((short) 5000)
            .setDestinationPort((short) 5001)
            .setPayload(new Data(new byte[] {0x01}));

    IPacket ipPacket = new IPv4()
            .setTtl((byte) 128)
            .setSourceAddress(srcIp)
            .setDestinationAddress(dstIp)
            .setPayload(datagram);

    IPacket frame = l2Header.setPayload(ipPacket);
    byte[] rawFrame = frame.serialize();

    // Wrap the serialized frame in the packet-in.
    return OFFactories.getFactory(OFVersion.OF_13).buildPacketIn()
            .setBufferId(OFBufferId.NO_BUFFER)
            .setData(rawFrame)
            .setReason(OFPacketInReason.NO_MATCH)
            .build();
}
/**
 * Builds an ARP reply and hands it to {@code pushPacket} for the given switch and port.
 *
 * <p>The Ethernet source and the ARP sender hardware address are both
 * {@code senderMac}; the Ethernet destination and the ARP target hardware
 * address are both {@code targetMac}. No argument is validated here, so the
 * reply asserts whatever IP-to-MAC binding the caller passes in.
 *
 * @param senderMac MAC address advertised as the owner of {@code senderIp}
 * @param senderIp  IPv4 address being answered for
 * @param targetMac MAC address of the host the reply is addressed to
 * @param targetIp  IPv4 address of the host the reply is addressed to
 * @param sw        switch passed to {@code pushPacket}
 * @param port      port passed as the last argument of {@code pushPacket}
 *                  (presumably the output port; confirm against pushPacket)
 */
private void sendArpReply(MacAddress senderMac, IPv4Address senderIp, MacAddress targetMac, IPv4Address targetIp, IOFSwitch sw, OFPort port) {
    Ethernet l2Header = new Ethernet()
            .setSourceMACAddress(senderMac)
            .setDestinationMACAddress(targetMac)
            .setEtherType(EthType.ARP);

    // Ethernet/IPv4 ARP: 6-byte hardware addresses, 4-byte protocol addresses.
    ARP replyBody = new ARP()
            .setHardwareType(ARP.HW_TYPE_ETHERNET)
            .setProtocolType(ARP.PROTO_TYPE_IP)
            .setHardwareAddressLength((byte) 6)
            .setProtocolAddressLength((byte) 4)
            .setOpCode(ARP.OP_REPLY)
            .setSenderHardwareAddress(senderMac.getBytes())
            .setSenderProtocolAddress(senderIp.getBytes())
            .setTargetHardwareAddress(targetMac.getBytes())
            .setTargetProtocolAddress(targetIp.getBytes());

    IPacket arpReply = l2Header.setPayload(replyBody);
    pushPacket(arpReply, sw, OFBufferId.NO_BUFFER, OFPort.ANY, port);
}
/**
 * Builds an OpenFlow 1.3 flow-add that matches IPv4 frames on an ingress port
 * and destination MAC and outputs them to one port.
 *
 * <p>The message uses fixed values: xid 19, idle timeout 5, priority 10,
 * buffer id 268, and 65509 as the second argument of the output action.
 *
 * @param ethDst  destination MAC address to match, in string form
 * @param inPort  ingress port number to match
 * @param outPort port number the output action sends to
 * @return the built flow-add message
 */
private OFFlowMod createFlowMod(String ethDst, int inPort, int outPort) {
    final OFFactory of13 = OFFactories.getFactory(OFVersion.OF_13);

    final Match.Builder criteria = of13.buildMatch();
    criteria.setExact(MatchField.ETH_TYPE, EthType.IPv4);
    criteria.setExact(MatchField.IN_PORT, OFPort.of(inPort));
    criteria.setExact(MatchField.ETH_DST, MacAddress.of(ethDst));
    final Match flowMatch = criteria.build();

    final OFAction forward = of13.actions().output(OFPort.of(outPort), 65509);

    return of13.buildFlowAdd()
            .setXid(19)
            .setIdleTimeout(5)
            .setPriority(10)
            .setBufferId(OFBufferId.of(268))
            .setMatch(flowMatch)
            .setActions(Stream.of(forward).collect(Collectors.toList()))
            .build();
}
/**
 * Installs a default flow on the switch that sends LLDP frames to the controller.
 *
 * <p>The flow matches EtherType LLDP with destination {@code LLDP_MAC_ADDRESS}
 * and is installed at {@code DEFAULT_RULE_PRIORITY}. It is intended to take
 * precedence over the DROP flows; that ordering depends on priority values
 * defined outside this method.
 *
 * @param swId The switch ID
 */
private void permitStdLLDP(long swId) {
    // NOTE(review): the result of getMasterSwitch is used without a null check;
    // confirm it cannot be null when this controller is not master for swId.
    final OFFactory factory = floodlightProvider.getMasterSwitch(swId).getFactory();
    final OFFlowMod.Builder flowAdd = factory.buildFlowAdd();

    final Match lldpMatch = factory.buildMatch()
            .setExact(MatchField.ETH_TYPE, EthType.LLDP)
            .setExact(MatchField.ETH_DST, LLDP_MAC_ADDRESS)
            .build();

    // Single action: output to the controller port.
    final List<OFAction> toController = new ArrayList<>();
    toController.add(factory.actions().output(OFPort.CONTROLLER, Short.MAX_VALUE));

    flowAdd.setMatch(lldpMatch)
            .setActions(toController)
            .setIdleTimeout(IDLE_TIMEOUT)
            .setHardTimeout(HARD_TIMEOUT)
            .setBufferId(OFBufferId.NO_BUFFER)
            .setPriority(DEFAULT_RULE_PRIORITY);
    final OFMessage lldpPermit = flowAdd.build();

    log.debug("Sending 'LLDP permit' OF message to switch {}.", swId);
    flowPusher.add(new Dpid(swId), lldpPermit);
}
/**
 * Installs a default flow on the switch that sends ARP frames to the controller.
 *
 * <p>The flow matches on EtherType ARP only, so every ARP frame from any port
 * and any sender is covered. It is installed at {@code DEFAULT_RULE_PRIORITY}
 * and is intended to take precedence over the DROP flows; that ordering
 * depends on priority values defined outside this method.
 *
 * @param swId The switch ID
 */
private void permitARP(long swId) {
    // NOTE(review): the result of getMasterSwitch is used without a null check;
    // confirm it cannot be null when this controller is not master for swId.
    final OFFactory factory = floodlightProvider.getMasterSwitch(swId).getFactory();
    final OFFlowMod.Builder flowAdd = factory.buildFlowAdd();

    final Match arpMatch = factory.buildMatch()
            .setExact(MatchField.ETH_TYPE, EthType.ARP)
            .build();

    // Single action: output to the controller port.
    final List<OFAction> toController = new ArrayList<>();
    toController.add(factory.actions().output(OFPort.CONTROLLER, Short.MAX_VALUE));

    flowAdd.setMatch(arpMatch)
            .setActions(toController)
            .setIdleTimeout(IDLE_TIMEOUT)
            .setHardTimeout(HARD_TIMEOUT)
            .setBufferId(OFBufferId.NO_BUFFER)
            .setPriority(DEFAULT_RULE_PRIORITY);
    final OFMessage arpPermit = flowAdd.build();

    log.debug("Sending 'ARP permit' OF message to the switch {}.", swId);
    flowPusher.add(new Dpid(swId), arpPermit);
}
/**
 * Builds the OXM match list for an IP table entry.
 *
 * <p>For Dell switches the list also includes a destination-MAC match on the
 * router MAC address, in addition to EtherType IPv4 and the masked IPv4
 * destination prefix.
 *
 * @param ofFactory factory used to create the OXM entries
 * @param match     match to convert; it is cast to {@code Ipv4Match} without a
 *                  type check, so any other type fails with a ClassCastException
 * @return the OXM list: EtherType, destination MAC, masked IPv4 destination
 */
@Override
protected OFOxmList getIPEntryMatchList(OFFactory ofFactory, Match match) {
    final IPv4Net dstNet = ((Ipv4Match) match).getDestination();

    return OFOxmList.of(
            ofFactory.oxms().ethType(EthType.IPv4),
            // Dell-specific addition: match on the router's MAC as destination.
            ofFactory.oxms().ethDst(getRouterMacAddr()),
            ofFactory.oxms().ipv4DstMasked(
                    IPv4Address.of(dstNet.address().value()),
                    IPv4Address.ofCidrMaskLength(dstNet.prefixLen())));
}