add a few more flow_mod options and the option to check via a predicate

if a module wants to be responsible for a certain rule...

scripts/base/frameworks/openflow/plugins/ryu.bro

@@ -60,6 +60,8 @@ type ryu_ofp_flow_mod: record {
 	flags: count &optional;
 	match: OpenFlow::ofp_match;
 	actions: vector of ryu_flow_action;
+	out_port: count &optional;
+	out_group: count &optional;
 };
 
 # Mapping between ofp flow mod commands and ryu urls
@@ -98,6 +100,11 @@ function ryu_flow_mod(state: OpenFlow::ControllerState, match: ofp_match, flow_m
 		$actions=flow_actions
 	);
 
+	if ( flow_mod?$out_port )
+		mod$out_port = flow_mod$out_port;
+	if ( flow_mod?$out_group )
+		mod$out_group = flow_mod$out_group;
+
 	# Type of the command
 	local command_type: string;
 

scripts/base/frameworks/openflow/types.bro

@@ -70,7 +70,8 @@ export {
 		## Priority level of flow entry.
 		priority: count &default=0;
 		## For OFPFC_DELETE* commands, require matching entried to include
-		## this as an output port. OFPP_ANY means no restrictions.
+		## this as an output port/group. OFPP_ANY/OFPG_ANY means no restrictions.
+		out_port: count &optional;
 		out_group: count &optional;
 		## Bitmap of the OFPFF_* flags
 		flags: count &default=0;

scripts/base/frameworks/pacf/plugins/openflow.bro

@@ -10,6 +10,7 @@ export {
 		idle_timeout: count &default=60;
 		table_id: count &optional;
 
+		check_pred: function(p: PluginState, r: Rule): bool &optional &weaken;
 		match_pred: function(p: PluginState, e: Entity, m: vector of OpenFlow::ofp_match): vector of OpenFlow::ofp_match &optional &weaken;
 		flow_mod_pred: function(p: PluginState, r: Rule, m: OpenFlow::ofp_flow_mod): OpenFlow::ofp_flow_mod &optional &weaken;
 	};
@@ -30,8 +31,13 @@ function openflow_name(p: PluginState) : string
 	return fmt("Openflow - %s", p$of_controller$describe(p$of_controller$state));
 	}
 
-function openflow_check_rule(c: OfConfig, r: Rule) : bool
+function openflow_check_rule(p: PluginState, r: Rule) : bool
 	{
+	local c = p$of_config;
+
+	if ( p$of_config?$check_pred )
+		return p$of_config$check_pred(p, r);
+
 	if ( r$target == MONITOR && c$monitor )
 		return T;
 
@@ -183,9 +189,7 @@ function openflow_rule_to_flow_mod(p: PluginState, r: Rule) : OpenFlow::ofp_flow
 
 function openflow_add_rule(p: PluginState, r: Rule) : bool
 	{
-	local c = p$of_config;
+	if ( ! openflow_check_rule(p, r) )
-
-	if ( ! openflow_check_rule(c, r) )
 		return F;
 
 	local flow_mod = openflow_rule_to_flow_mod(p, r);
@@ -202,7 +206,7 @@ function openflow_add_rule(p: PluginState, r: Rule) : bool
 
 function openflow_remove_rule(p: PluginState, r: Rule) : bool
 	{
-	if ( ! openflow_check_rule(p$of_config, r) )
+	if ( ! openflow_check_rule(p, r) )
 		return F;
 
 	local flow_mod: OpenFlow::ofp_flow_mod = [

scripts/base/frameworks/pacf/types.bro

@@ -21,7 +21,7 @@ export {
 		conn: conn_id &optional;	##< Used with :bro:id:`CONNECTION` .
 		flow: flow_id &optional;	##< Used with :bro:id:`FLOW` .
 		ip: subnet &optional;		##< Used with :bro:id:`ORIGINATOR`/:bro:id:`RESPONDER`/:bro:id:`ADDRESS`; can specifiy a CIDR subnet.
-		mac: string &optional;		##< Used with :bro:id:`MAC`/:bro:id:`ORIGMAC`/:bro:id:`DESTMAC`.
+		mac: string &optional;		##< Used with :bro:id:`MAC`/:bro:id:`ORIGMAC`/:bro:id:`DESTMAC`/:bro:id:`MACFLOW`.
 		dst_mac: string &optional;	##< Used with :bro:id:`MACFLOW`; specifies the destination for the flow.
 	};
 

testing/btest/Baseline/scripts.base.frameworks.pacf.openflow/openflow.log

@@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	openflow
-#open	2015-04-14-22-20-31
+#open	2015-04-15-19-15-14
-#fields	ts	dpid	match.in_port	match.dl_src	match.dl_dst	match.dl_vlan	match.dl_vlan_pcp	match.dl_type	match.nw_tos	match.nw_proto	match.nw_src	match.nw_dst	match.tp_src	match.tp_dst	flow_mod.cookie	flow_mod.table_id	flow_mod.command	flow_mod.idle_timeout	flow_mod.hard_timeout	flow_mod.priority	flow_mod.out_group	flow_mod.flags	flow_mod.out_ports
+#fields	ts	dpid	match.in_port	match.dl_src	match.dl_dst	match.dl_vlan	match.dl_vlan_pcp	match.dl_type	match.nw_tos	match.nw_proto	match.nw_src	match.nw_dst	match.tp_src	match.tp_dst	flow_mod.cookie	flow_mod.table_id	flow_mod.command	flow_mod.idle_timeout	flow_mod.hard_timeout	flow_mod.priority	flow_mod.out_port	flow_mod.out_group	flow_mod.flags	flow_mod.out_ports
-#types	time	count	count	string	string	count	count	count	count	count	subnet	subnet	port	port	count	count	enum	count	count	count	count	count	vector[count]
+#types	time	count	count	string	string	count	count	count	count	count	subnet	subnet	port	port	count	count	enum	count	count	count	count	count	count	vector[count]
-1254722767.875996	42	-	-	-	-	-	2048	-	6	10.10.1.4/32	74.53.140.153/32	1470	25	2	-	OpenFlow::OFPFC_ADD	60	30	0	-	0	(empty)
+1254722767.875996	42	-	-	-	-	-	2048	-	6	10.10.1.4/32	74.53.140.153/32	1470	25	2	-	OpenFlow::OFPFC_ADD	60	30	0	-	-	0	(empty)
-1254722767.875996	42	-	-	-	-	-	2048	-	-	10.10.1.4/32	-	-	-	3	-	OpenFlow::OFPFC_ADD	60	15	0	-	0	(empty)
+1254722767.875996	42	-	-	-	-	-	2048	-	-	10.10.1.4/32	-	-	-	3	-	OpenFlow::OFPFC_ADD	60	15	0	-	-	0	(empty)
-1254722767.875996	42	-	-	-	-	-	2048	-	-	-	10.10.1.4/32	-	-	3	-	OpenFlow::OFPFC_ADD	60	15	0	-	0	(empty)
+1254722767.875996	42	-	-	-	-	-	2048	-	-	-	10.10.1.4/32	-	-	3	-	OpenFlow::OFPFC_ADD	60	15	0	-	-	0	(empty)
-#close	2015-04-14-22-20-31
+#close	2015-04-15-19-15-14