diff --git a/scripts/base/frameworks/openflow/plugins/ryu.bro b/scripts/base/frameworks/openflow/plugins/ryu.bro index 79d6a4a6fe..2340ac4d60 100644 --- a/scripts/base/frameworks/openflow/plugins/ryu.bro +++ b/scripts/base/frameworks/openflow/plugins/ryu.bro @@ -60,6 +60,8 @@ type ryu_ofp_flow_mod: record { flags: count &optional; match: OpenFlow::ofp_match; actions: vector of ryu_flow_action; + out_port: count &optional; + out_group: count &optional; }; # Mapping between ofp flow mod commands and ryu urls @@ -98,6 +100,11 @@ function ryu_flow_mod(state: OpenFlow::ControllerState, match: ofp_match, flow_m $actions=flow_actions ); + if ( flow_mod?$out_port ) + mod$out_port = flow_mod$out_port; + if ( flow_mod?$out_group ) + mod$out_group = flow_mod$out_group; + # Type of the command local command_type: string; diff --git a/scripts/base/frameworks/openflow/types.bro b/scripts/base/frameworks/openflow/types.bro index 6c10b80125..26862f6df3 100644 --- a/scripts/base/frameworks/openflow/types.bro +++ b/scripts/base/frameworks/openflow/types.bro @@ -70,7 +70,8 @@ export { ## Priority level of flow entry. priority: count &default=0; ## For OFPFC_DELETE* commands, require matching entried to include - ## this as an output port. OFPP_ANY means no restrictions. + ## this as an output port/group. OFPP_ANY/OFPG_ANY means no restrictions. + out_port: count &optional; out_group: count &optional; ## Bitmap of the OFPFF_* flags flags: count &default=0; diff --git a/scripts/base/frameworks/pacf/plugins/openflow.bro b/scripts/base/frameworks/pacf/plugins/openflow.bro index 8bda72092e..518f6cec28 100644 --- a/scripts/base/frameworks/pacf/plugins/openflow.bro +++ b/scripts/base/frameworks/pacf/plugins/openflow.bro @@ -10,6 +10,7 @@ export { idle_timeout: count &default=60; table_id: count &optional; + check_pred: function(p: PluginState, r: Rule): bool &optional &weaken; match_pred: function(p: PluginState, e: Entity, m: vector of OpenFlow::ofp_match): vector of OpenFlow::ofp_match &optional &weaken; flow_mod_pred: function(p: PluginState, r: Rule, m: OpenFlow::ofp_flow_mod): OpenFlow::ofp_flow_mod &optional &weaken; }; @@ -30,8 +31,13 @@ function openflow_name(p: PluginState) : string return fmt("Openflow - %s", p$of_controller$describe(p$of_controller$state)); } -function openflow_check_rule(c: OfConfig, r: Rule) : bool +function openflow_check_rule(p: PluginState, r: Rule) : bool { + local c = p$of_config; + + if ( p$of_config?$check_pred ) + return p$of_config$check_pred(p, r); + if ( r$target == MONITOR && c$monitor ) return T; @@ -183,9 +189,7 @@ function openflow_rule_to_flow_mod(p: PluginState, r: Rule) : OpenFlow::ofp_flow function openflow_add_rule(p: PluginState, r: Rule) : bool { - local c = p$of_config; - - if ( ! openflow_check_rule(c, r) ) + if ( ! openflow_check_rule(p, r) ) return F; local flow_mod = openflow_rule_to_flow_mod(p, r); @@ -202,7 +206,7 @@ function openflow_add_rule(p: PluginState, r: Rule) : bool function openflow_remove_rule(p: PluginState, r: Rule) : bool { - if ( ! openflow_check_rule(p$of_config, r) ) + if ( ! openflow_check_rule(p, r) ) return F; local flow_mod: OpenFlow::ofp_flow_mod = [ diff --git a/scripts/base/frameworks/pacf/types.bro b/scripts/base/frameworks/pacf/types.bro index b1663f19d9..08fa7bfeb8 100644 --- a/scripts/base/frameworks/pacf/types.bro +++ b/scripts/base/frameworks/pacf/types.bro @@ -21,7 +21,7 @@ export { conn: conn_id &optional; ##< Used with :bro:id:`CONNECTION` . flow: flow_id &optional; ##< Used with :bro:id:`FLOW` . ip: subnet &optional; ##< Used with :bro:id:`ORIGINATOR`/:bro:id:`RESPONDER`/:bro:id:`ADDRESS`; can specifiy a CIDR subnet. - mac: string &optional; ##< Used with :bro:id:`MAC`/:bro:id:`ORIGMAC`/:bro:id:`DESTMAC`. + mac: string &optional; ##< Used with :bro:id:`MAC`/:bro:id:`ORIGMAC`/:bro:id:`DESTMAC`/:bro:id:`MACFLOW`. dst_mac: string &optional; ##< Used with :bro:id:`MACFLOW`; specifies the destination for the flow. }; diff --git a/testing/btest/Baseline/scripts.base.frameworks.pacf.openflow/openflow.log b/testing/btest/Baseline/scripts.base.frameworks.pacf.openflow/openflow.log index 6031a6cdc0..c43ddd9f85 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.pacf.openflow/openflow.log +++ b/testing/btest/Baseline/scripts.base.frameworks.pacf.openflow/openflow.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path openflow -#open 2015-04-14-22-20-31 -#fields ts dpid match.in_port match.dl_src match.dl_dst match.dl_vlan match.dl_vlan_pcp match.dl_type match.nw_tos match.nw_proto match.nw_src match.nw_dst match.tp_src match.tp_dst flow_mod.cookie flow_mod.table_id flow_mod.command flow_mod.idle_timeout flow_mod.hard_timeout flow_mod.priority flow_mod.out_group flow_mod.flags flow_mod.out_ports -#types time count count string string count count count count count subnet subnet port port count count enum count count count count count vector[count] -1254722767.875996 42 - - - - - 2048 - 6 10.10.1.4/32 74.53.140.153/32 1470 25 2 - OpenFlow::OFPFC_ADD 60 30 0 - 0 (empty) -1254722767.875996 42 - - - - - 2048 - - 10.10.1.4/32 - - - 3 - OpenFlow::OFPFC_ADD 60 15 0 - 0 (empty) -1254722767.875996 42 - - - - - 2048 - - - 10.10.1.4/32 - - 3 - OpenFlow::OFPFC_ADD 60 15 0 - 0 (empty) -#close 2015-04-14-22-20-31 +#open 2015-04-15-19-15-14 +#fields ts dpid match.in_port match.dl_src match.dl_dst match.dl_vlan match.dl_vlan_pcp match.dl_type match.nw_tos match.nw_proto match.nw_src match.nw_dst match.tp_src match.tp_dst flow_mod.cookie flow_mod.table_id flow_mod.command flow_mod.idle_timeout flow_mod.hard_timeout flow_mod.priority flow_mod.out_port flow_mod.out_group flow_mod.flags flow_mod.out_ports +#types time count count string string count count count count count subnet subnet port port count count enum count count count count count count vector[count] +1254722767.875996 42 - - - - - 2048 - 6 10.10.1.4/32 74.53.140.153/32 1470 25 2 - OpenFlow::OFPFC_ADD 60 30 0 - - 0 (empty) +1254722767.875996 42 - - - - - 2048 - - 10.10.1.4/32 - - - 3 - OpenFlow::OFPFC_ADD 60 15 0 - - 0 (empty) +1254722767.875996 42 - - - - - 2048 - - - 10.10.1.4/32 - - 3 - OpenFlow::OFPFC_ADD 60 15 0 - - 0 (empty) +#close 2015-04-15-19-15-14