import networkx as nx
from ryu.lib.packet import ethernet, ipv4, vlan, ipv6, arp
# Module-level containers shared by everything that imports this module.
# policy_list: not referenced by the code in this file (policy_finder takes
#   its own policy_list argument) -- presumably filled in by importers.
# action_list: cleared and refilled in place by every policy_finder() call.
policy_list, action_list = [], []
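class Policy(object):
    """A traffic policy: match criteria, an optional priority and actions.

    Criteria and actions are stored as plain dicts.  A value of ``0`` or
    ``False`` means "not set" to every consumer in this module, so a
    criterion whose wanted value is literally 0 cannot be expressed.
    """

    def __init__(self):
        self.match_list = {}
        self.actions_list = {}

    def match(self, protocol=0, ip_src=0, ip_dst=0,
              eth_src=0, eth_dst=0, eth_type=0, all=False):
        """Replace the match criteria of this policy.

        Every call overwrites the previous criteria as a whole.  Values
        are compared for equality against packet fields by policy_finder.

        NOTE(review): policy_finder has no comparison for the ``all``
        key, so ``all=True`` is stored but does not act as a wildcard.
        """
        self.match_list = {
            'protocol': protocol,
            'ip_src': ip_src,
            'ip_dst': ip_dst,
            'eth_src': eth_src,
            'eth_dst': eth_dst,
            'eth_type': eth_type,
            'all': all
        }

    def get_matches(self):
        """Return the dict of match criteria (``{}`` until match() is called)."""
        return self.match_list

    def priority(self, priority=0):
        """Set the priority of this policy.

        The value is stored in an instance attribute that is also named
        ``priority`` and therefore shadows this method: afterwards
        ``policy.priority`` is the number, and calling
        ``policy.priority(...)`` a second time on the same object fails.
        Other code in this module reads and assigns ``policy.priority``
        directly, so the name is kept.
        """
        self.priority = priority

    def get_priority(self):
        """Return the stored priority, or 0 when none has been set.

        Only the instance dict is consulted.  A plain ``self.priority``
        on a policy that never had a priority assigned yields the bound
        method above; Python 2 orders such an object above every int, so
        policy_finder's ``> 20`` clamp fired and the policy ended up at
        priority 20 instead of taking the "no priority given" path.
        """
        return vars(self).get('priority', 0)

    def action(self, bandwidth_requirement=0,
               bandwidth_requirement_strict=False, allow_load_balance=False,
               random_routing=False, block=False, traffic_class=0):
        """Replace the actions of this policy (overwrites earlier actions)."""
        self.actions_list = {
            'bandwidth_requirement': bandwidth_requirement,
            'bandwidth_requirement_strict': bandwidth_requirement_strict,
            'allow_load_balance': allow_load_balance,
            'random_routing': random_routing,
            'block': block,
            'traffic_class': traffic_class
        }

    def get_actions(self):
        """Return the dict of actions (``{}`` until action() is called)."""
        return self.actions_list

    def print_policy(self):
        """Return a flat list describing the criteria and actions that are set.

        Despite the name nothing is printed.  The list has the form
        ``["Condition(s)", key, value, ..., "Action(s): ", key, value, ...]``
        and leaves out every entry whose value is 0 or False.
        """
        printlist = ["Condition(s)"]
        # items() instead of iteritems(): same result on Python 2 and
        # also available on Python 3.
        for key, value in self.match_list.items():
            # False == 0, so this single test drops both unset markers.
            if value != 0:
                printlist.extend((key, value))
        printlist.append("Action(s): ")
        for key, value in self.actions_list.items():
            if value != 0:
                printlist.extend((key, value))
        return printlist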
#Function that finds the associated policies
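def policy_finder(packet, policy_list):
    """Return the policies in *policy_list* whose criteria all match *packet*.

    A criterion takes part only when its value is set (not 0 / False), and
    it matches when it equals the corresponding packet field exactly.  A
    policy with no criteria set therefore matches every packet.

    Side effects: the module-level ``action_list`` is emptied, refilled
    and returned, so a list obtained from an earlier call is overwritten;
    ``policy.priority`` of each matching policy may be rewritten; one line
    per match is printed.

    The compared fields (``eth.src``, ``ip.src``, ...) are read from the
    packet's own headers, i.e. they are whatever the sender put there.

    Args:
        packet: parsed packet offering get_protocol() / get_protocols().
        policy_list: iterable of Policy objects to evaluate.

    Returns:
        ``action_list`` sorted by ascending priority number (a lower
        number is applied first).
    """
    eth = packet.get_protocols(ethernet.ethernet)[0]

    # Frames that are neither ARP nor IPv4 used to leave `ip` unbound and
    # raised on `ip.proto`.  They now carry a sentinel in the layer-3
    # fields: it never equals a policy value, so IP criteria cannot match
    # such a frame, while policies built only from Ethernet criteria
    # (a block on eth_src, for instance) are still evaluated.
    absent = object()
    ip_src = ip_dst = proto = absent

    arp_hdr = packet.get_protocol(arp.arp)
    ipv4_hdr = packet.get_protocol(ipv4.ipv4)
    if arp_hdr is not None:
        ip_dst = arp_hdr.dst_ip
        ip_src = arp_hdr.src_ip
        proto = arp_hdr.proto
    elif ipv4_hdr is not None:
        ip_dst = ipv4_hdr.dst
        ip_src = ipv4_hdr.src
        proto = ipv4_hdr.proto

    packet_fields = {
        'protocol': proto,
        'ip_dst': ip_dst,
        'ip_src': ip_src,
        'eth_src': eth.src,
        'eth_dst': eth.dst,
        'eth_type': eth.ethertype,
    }

    del action_list[:]
    for policy in policy_list:
        total_matches = 0
        actual_matches = 0
        # items() instead of iteritems(): works on Python 2 and 3.
        for key, value in policy.get_matches().items():
            # Filters out unset parameters (False == 0, so it is covered).
            if value != 0:
                total_matches += 1
                # NOTE(review): 'all' has no packet field, so a policy
                # with all=True counts one criterion that can never be
                # met and never matches.  If it is meant as a catch-all
                # (e.g. a default block), that rule is silently not
                # applied -- confirm the intended semantics.
                if key in packet_fields and value == packet_fields[key]:
                    actual_matches += 1

        # Every set criterion must be satisfied by the packet.
        if actual_matches != total_matches:
            continue

        current = policy.get_priority()
        if not isinstance(current, int) or current == 0:
            # No usable priority: derive it from the number of matched
            # criteria, so more specific policies sort first.  This is
            # tested before the clamp because a never-set priority is not
            # a number, and comparing it with 20 sent it to the clamp
            # (Python 2) or raises TypeError (Python 3).
            policy.priority = 10 - actual_matches
        elif current > 20:
            # 20 is the lowest possible priority.
            policy.priority = 20

        # action_list holds all the policies which are to be executed.
        action_list.append(policy)
        # One formatted string reproduces the spacing of the former
        # Python 2 print statement and is valid syntax on Python 3 too.
        print("Found policy:  %s  with priority  %s"
              % (policy.print_policy(), policy.get_priority()))

    # Ascending sort: the smallest number is the highest priority.
    action_list.sort(key=lambda x: x.priority, reverse=False)
    # Returns the list of matched and sorted policies.
    return action_list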
#Function that checks the policies against the topology and existing rules
#TODO: Create Network_checker() and Running_policy_checker()
#TODO: Pass the returned list from policy_finder to network_checker
#