diff options
| author | IWASE Yusuke <iwase.yusuke0@gmail.com> | 2016-11-18 09:58:08 +0900 |
|---|---|---|
| committer | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2016-11-18 15:56:45 +0900 |
| commit | d4d02dd0f61dc33f40a099e076cfe0ed307b856f (patch) | |
| tree | 35f5925edee94d3170dfde92b9f9063233622195 | |
| parent | 156b3d2a6e095379167b2d9a0c97ee3c02b14848 (diff) | |
rest_firewall: Compare reserved port in str representation
Along with the update of ofctl_rest, the output representation of
the port number in the OUTPUT action has been changed.
e.g.) In case of the OUTPUT action to the OFPP_NORMAL port
OLD:
'OUTPUT:4294967290' # OFPP_NORMAL = 0xfffffffa
NOW:
'OUTPUT:NORMAL'
Currently, rest_firewall suposes the OLD format, and it will fail
to compare the port number, then all firewall rules will be shown
with "actions": "DENY".
This patch fixes to compare the port number in the NEW format and
fixes this problem.
Reported-by: Hong Panha <c011361065@edu.teu.ac.jp>
Reported-by: Ruy Takata <ruy.takata@gmail.com>
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
| -rw-r--r-- | ryu/app/rest_firewall.py | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/ryu/app/rest_firewall.py b/ryu/app/rest_firewall.py index a04525f7..81659a9a 100644 --- a/ryu/app/rest_firewall.py +++ b/ryu/app/rest_firewall.py @@ -679,8 +679,7 @@ class Firewall(object): def _set_log_status(self, is_enable, waiters): if is_enable: - actions = Action.to_openflow(self.dp, - {REST_ACTION: REST_ACTION_PACKETIN}) + actions = Action.to_openflow({REST_ACTION: REST_ACTION_PACKETIN}) details = 'Log collection started.' else: actions = [] @@ -722,7 +721,7 @@ class Firewall(object): priority = ARP_FLOW_PRIORITY match = {REST_DL_TYPE: ether.ETH_TYPE_ARP} action = {REST_ACTION: REST_ACTION_ALLOW} - actions = Action.to_openflow(self.dp, action) + actions = Action.to_openflow(action) flow = self._to_of_flow(cookie=cookie, priority=priority, match=match, actions=actions) @@ -754,7 +753,7 @@ class Firewall(object): result = self.get_log_status(waiters) if result[REST_LOG_STATUS] == REST_STATUS_ENABLE: rest[REST_ACTION] = REST_ACTION_PACKETIN - actions = Action.to_openflow(self.dp, rest) + actions = Action.to_openflow(rest) flow = self._to_of_flow(cookie=cookie, priority=priority, match=match, actions=actions) @@ -881,7 +880,7 @@ class Firewall(object): rule = {REST_RULE_ID: ruleid} rule.update({REST_PRIORITY: flow[REST_PRIORITY]}) rule.update(Match.to_rest(flow)) - rule.update(Action.to_rest(self.dp, flow)) + rule.update(Action.to_rest(flow)) return rule @@ -1079,19 +1078,17 @@ class Match(object): class Action(object): @staticmethod - def to_openflow(dp, rest): + def to_openflow(rest): value = rest.get(REST_ACTION, REST_ACTION_ALLOW) if value == REST_ACTION_ALLOW: - out_port = dp.ofproto.OFPP_NORMAL action = [{'type': 'OUTPUT', - 'port': out_port}] + 'port': 'NORMAL'}] elif value == REST_ACTION_DENY: action = [] elif value == REST_ACTION_PACKETIN: - out_port = dp.ofproto.OFPP_CONTROLLER action = [{'type': 'OUTPUT', - 'port': out_port, + 'port': 'CONTROLLER', 'max_len': 128}] else: raise ValueError('Invalid action type.') @@ -1099,9 +1096,9 @@ class Action(object): return action @staticmethod - def to_rest(dp, openflow): + def to_rest(openflow): if REST_ACTION in openflow: - action_allow = 'OUTPUT:%d' % dp.ofproto.OFPP_NORMAL + action_allow = 'OUTPUT:NORMAL' if openflow[REST_ACTION] == [action_allow]: action = {REST_ACTION: REST_ACTION_ALLOW} else: |