2840 Commits

Author SHA1 Message Date
Victor Orlikowski
09644f186c Validate OpenFlow message length in header, to prevent controller receive loop DoS
When the controller receive loop currently accepts an OpenFlow
message, it does not validate the message length.  As a result, a
malicious or malfunctioning switch could send a message that
would result in the receive loop making no forward progress.

This patch ensures that the message length passed in the OpenFlow
message is validated against the specified minimum, and forced to that
value if it is smaller.

Thanks to Samuel Jero (at Purdue's Dependable and Secure Distributed
Systems Lab) for discovering this issue.

Signed-off-by: Victor J. Orlikowski <vjo@duke.edu>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 15:04:25 +09:00
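
The receive-loop stall described in commit 09644f186c, as an added example (not Ryu's code and not part of the commit). The names `drain`, `stalls` and `NoProgress` are hypothetical, and the sample buffer is constructed.

```python
import struct

# OpenFlow common header: version (1), type (1), length (2), xid (4), big-endian.
OFP_HEADER_FMT = "!BBHI"
OFP_HEADER_SIZE = struct.calcsize(OFP_HEADER_FMT)  # 8, the minimum valid length


class NoProgress(Exception):
    """The loop consumed zero bytes; a real receive loop would spin here forever."""


def drain(buf, validate_length):
    """Split a receive buffer into messages.

    Returns (messages, leftover); each message is (msg_type, xid, body_len).
    validate_length=False trusts the length field in the header.
    validate_length=True forces a too-small length up to the minimum,
    which is the behaviour the commit message describes.
    """
    messages = []
    while len(buf) >= OFP_HEADER_SIZE:
        _version, msg_type, msg_len, xid = struct.unpack_from(OFP_HEADER_FMT, buf)
        if validate_length and msg_len < OFP_HEADER_SIZE:
            msg_len = OFP_HEADER_SIZE
        if len(buf) < msg_len:
            break  # message not fully received yet; wait for more bytes
        if msg_len == 0:
            raise NoProgress("length 0 from xid %d: buffer never shrinks" % xid)
        messages.append((msg_type, xid, max(msg_len - OFP_HEADER_SIZE, 0)))
        buf = buf[msg_len:]
    return messages, buf


def stalls(buf):
    """True if the unvalidated loop would make no forward progress on buf."""
    try:
        drain(buf, validate_length=False)
    except NoProgress:
        return True
    return False


# Constructed sample: a valid HELLO, a header claiming length 0, a valid ECHO_REQUEST.
HELLO = struct.pack(OFP_HEADER_FMT, 4, 0, 8, 1)
ZERO_LEN = struct.pack(OFP_HEADER_FMT, 4, 2, 0, 2)
ECHO = struct.pack(OFP_HEADER_FMT, 4, 2, 12, 3) + b"ping"
SAMPLE = HELLO + ZERO_LEN + ECHO

if __name__ == "__main__":
    print("unvalidated loop stalls:", stalls(SAMPLE))
    print("validated loop:", drain(SAMPLE, validate_length=True))
```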
Iwase Yusuke
ba1fb5cf06 PyInstaller: Enable to build stand-alone executables
Usage: After installing Ryu (on virtualenv is better), build a
ryu-manager executable as follows:
   $ pip install PyInstaller==3.1.1
   $ cd tools/
   $ pyinstaller ryu-manager.spec
   $ ./dist/ryu-manager

Note: PyInstaller==3.2 may have a bug of str encoding, please use
Pyinstaller==3.1.1 instead.
   https://github.com/pyinstaller/pyinstaller/issues/1976

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 14:25:57 +09:00
Iwase Yusuke
db0f6c1165 handler: Fix for frozen builds
Navigates back the stack to locate the module instead of relying on
inspect to locate the module based on the file name.

This patch is suggested by papostolescu as Pull Request(*1)
on GitHub.
   (*1) https://github.com/osrg/ryu/pull/26

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 14:25:40 +09:00
IWASE Yusuke
37df91f7f4 BGPSpeaker: Suppress RD in EVPN VRF on SSH console
Because the NLRI_CLASS of the VRF EVPN Table is the same as the
NLRI_CLASS of the Global EVPN Table, the str representation can not
be distinguished with 'formatted_nlri_str' format.
So, 'show vrf' commands on the SSH console returns the str outputs
with Route Distinguisher (RD) even if the route on the VRF Table
can be identified without RD value.

This patch implements the str representation properties to output
BGP routes on SSH console.

Current: RD '65001:100' is duplicated
  bgpd> show vrf all
  VPN: ('65001:100', 'evpn')
   *>  65001:100:multicast_etag(ethernet_tag_id:300,ip_addr:10.10.1.0) None     0.0.0.0              Only Path                     ?

With this patch:
  bgpd> show vrf all
  VPN: ('65001:100', 'evpn')
   *>  multicast_etag(ethernet_tag_id:300,ip_addr:10.10.1.0) None     0.0.0.0              Only Path                     ?

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:34:19 +09:00
IWASE Yusuke
c2c421bddd doc: Update the API Reference for BGPSpeaker
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:34:12 +09:00
IWASE Yusuke
aa136b26cf test_validation: Add unit tests for validation utilities
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:34:07 +09:00
IWASE Yusuke
d5ed7c27b7 BGPSpeaker: Enable validation for optional arguments
Currently, RegisterWithArgChecks validates only required arguments,
so invalid arguments might be passed through if the arguments are
registered as optionals.
This patch fixes to enable validation for optional arguments.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:59 +09:00
IWASE Yusuke
c8b8a34f3d BGPSpeaker: Raise exception when validation fails
The validator for the API arguments should raise an exception
when the validator detects invalid arguments, otherwise the
decorator for registering API functions, RegisterWithArgChecks,
can pass through the invalid arguments.

This patch fixes this problem.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:55 +09:00
IWASE Yusuke
ba150be4b1 BGPSpeaker: Improve validation utility methods
This patch fixes to reduce Pylint warnings, to use 'netaddr' utilities
and to reduce redundant if statements.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:49 +09:00
IWASE Yusuke
d8b0ea97cc BGPSpeaker: Resolve unused argument 'multi_exit_disc'
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:44 +09:00
IWASE Yusuke
6d5a3022a1 BGPSpeaker: Reduce Pylint warnings
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:40 +09:00
IWASE Yusuke
55e517eec6 test_table_manager: Add UTs for the Global Table API
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:35 +09:00
IWASE Yusuke
83324ef9d7 table_manager: Rename internal API for consistency
This patch renames the internal (not for users) API for consistency,
and adds the missing docstring.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:30 +09:00
IWASE Yusuke
8ea4e674a9 test_table_manager: Add UTs for the VRF Table API
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:26 +09:00
IWASE Yusuke
b8e75e7e7b BGPSpeaker: Support VRF Table for Ethernet VPN
This patch enables BGPSpeaker to store EVPN routes into the VRF
tables and to provide the API for advertising routes.

Usage example:

  speaker = BGPSpeaker(as_number=65001,
                       router_id='172.17.0.1')

  speaker.neighbor_add(address='172.17.0.2', remote_as=65002,
                       enable_evpn=True)

  speaker.vrf_add(route_dist='65001:100',
                  import_rts=['65001:100'],
                  export_rts=['65001:100'],
                  route_family=RF_L2_EVPN)

  speaker.evpn_prefix_add(route_type=EVPN_MAC_IP_ADV_ROUTE,
                          route_dist='65001:100',
                          esi=0,
                          ethernet_tag_id=200,
                          mac_addr='aa:bb:cc:dd:ee:ff',
                          ip_addr='10.0.0.1',
                          next_hop='172.19.0.1')

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:20 +09:00
IWASE Yusuke
59a3049e13 test_bgpspeaker: Add unit test for the API of EVPN
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:15 +09:00
IWASE Yusuke
985e2557b2 BGPSpeaker: Support Ethernet VPN update messages
This patch enables BGPSpeaker to advertise BGP EVPN routes and
store the advertised BGP EVPN routes from the neighbors.

TODO:
 - To support the VRF table for BGP EVPN routes.
   This patch supports the global table only.
 - To implement Multihoming Functions.
   Currently, ONLY Single-Homing is supported.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:10 +09:00
IWASE Yusuke
55e0097545 packet/bgp: Fix to serialize BGPNotification on Python3
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:33:03 +09:00
IWASE Yusuke
b999b8a14f BGPSpeaker/info_base: Add comparison methods for Python3
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:32:58 +09:00
IWASE Yusuke
aeda7ae4c5 BGPSpeaker: Support Python3 on SSH console
Currently, SSH console of BGPSpeaker fails to receive commands from
user when it is running on Python3 due to the binary conversion.
This patch fixes this problem and enables to use SSH console on
Python3.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:32:52 +09:00
IWASE Yusuke
c51c46b584 test_bgp: Add unit tests for Ethernet VPN
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:32:48 +09:00
IWASE Yusuke
c4dac34bad packet/bgp: Support MPLS-Based Ethernet VPN (RFC7432)
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:32:42 +09:00
IWASE Yusuke
0255390a76 packet/bgp: Enable to parse the entire packet data
This patch fixes the TCP packet parser to return the BGP packet
parser class if the TCP src or dst port is the reserved BGP port
and enable to parse the entire packet data.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:31:22 +09:00
Shinpei Muraoka
d4b8bd609f tests: Add tests for specifying Packet library for OFPPacketOut.data
Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:30:57 +09:00
Shinpei Muraoka
7735137e9d lib/packet: Support the Json format data
Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:30:49 +09:00
Shinpei Muraoka
cb4c0b87db ofproto: Enable to specify packet library for OFPPacketOut.data
So far if you set the packet library to OFPPacketOut.data, error occurred.
This patch will be able to set the packet library in OFPPacketOut.data.

Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-25 13:30:45 +09:00
IWASE Yusuke
59ea6a5231 lib: Reduce Pylint warnings
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-19 17:49:01 +09:00
IWASE Yusuke
6154450494 stringify: Fix to utilise six.moves.builtins
To improve Pylint results, this patch fixes to utilise six.moves.builtins
instead of using __builtin__ on Python2 or builtins on Python3.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-19 17:49:00 +09:00
IWASE Yusuke
016ec1c644 ofctl_nicira_ext: Fix not enough arguments for format string
Currently, the assignment for 'table_id' is missing in the arguments
of str representation.
This patch fixes this problem.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-19 17:48:53 +09:00
IWASE Yusuke
8c5071e2db ofctl_nicira_ext: Resolve not initialized values
Currently, 'dst_start_end' and 'src_start_end' in NXActionLearn
are not initialized before assignment to convert into string
representation.
This patch fixes this problem.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-19 17:48:46 +09:00
FUJITA Tomonori
fbafa4b950 Ryu 4.5
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
v4.5
2016-08-02 11:07:47 +09:00
Victor Orlikowski
12d6584bee Ensure that send() and send_msg() in controller return status to calling applications
When a Datapath disconnects, an application may not know about it
until it attempts to send a message to that Datapath.

Ryu's core will detect the failure to send, and will close the
Datapath object - but has no way of letting the application know that
it did so.

With this patch, send_msg() returns True or False, depending on
whether the message that the application was trying to send was able
to be enqueued to send via a given Datapath object.

If the Datapath.send_msg() returns False, the calling application can
thereby determine that the Datapath is no longer valid, and should
clean up any references it has to it.

Existing applications may choose to ignore the return value, and
nothing breaks.

I have patched one utility method that uses send_msg(), since it was
not marked as deprecated.  All utility methods marked as deprecated, I
have not altered.

Signed-off-by: Victor J. Orlikowski <vjo@duke.edu>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-02 11:02:31 +09:00
Victor Orlikowski
9ee265ab45 Clean up stale Datapath objects in the ofctl_service application
A quick patch to clean up stale Datapath objects in the ofctl_service application.

Signed-off-by: Victor J. Orlikowski <vjo@duke.edu>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-08-02 11:01:52 +09:00
Shinpei Muraoka
d0992e24ae packet lib: Add packet library of GRE
Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-29 05:55:32 +09:00
Shinpei Muraoka
4ca81f9624 ofproto/nx_actions: Update argument of NXActionCT
Since zone_src in NXActionCT was not possible to specify string,
update zone_src of NXActionCT for the uniformity.
Therefore, you will be able to specify string of OXM/NXM fields for zone_src.

If you want to set the immediate value for zone,
set zone_src to None or an empty character string.

Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-27 19:46:04 +09:00
Shinpei Muraoka
64ba9f1cdc ofproto/nx_actions: Revert API of NXAction
This patch will revert the API of NXAction for the following report.
https://bugs.launchpad.net/dragonflow/+bug/1599367
revert commit id: 3c3896fd77f274ce953dcb78795aa5cc4fde6c65

This patch reverts recently introduced start and end arguments.
Add the utility method for ofs_nbits.
NXActionRegLoad now takes ofs_nbits argument instead of ofs
and nbits even with this revert.

Additionally, update test cases and documents.

Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-27 19:46:03 +09:00
IWASE Yusuke
882262d861 manager: Except KeyboardInterrupt to suppress traceback
Currently, ryu-manager emits traceback messages when killed via
KeyboardInterrupt.
This patch traps the KeyboardInterrupt, and outputs an appropriate
log message instead.

Signed-off-by: Victor J. Orlikowski <vjo@duke.edu>
Signed-off-by: Alan Fordyce <alan_fordyce@keysight.com>
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-27 14:50:35 +09:00
IWASE Yusuke
3c0bd5b024 stplib: Handle the port state not changed events
According to OpenFlow Spec 1.3.5, OFPT_PORT_STATUS messages with
the reason value OFPPR_MODIFY should be sent when BOTH the port state
and config have changed.
On the other hand, OVS does not send OFPT_PORT_STATUS messages
when the port config has changed and only sends when the port
state has changed.
But other switch implementations, e.g. Lagopus, send messages
when both the port state and config have changed.
Therefore, simple_switch_stp_13.py will overproduce the topology
recalculation events and will fail to recalculate the topology.

This patch checks the port state in OFPT_PORT_STATUS messages
and ignores the message if the port state is not changed.

Reported-by: Hong Panha <c011361065@edu.teu.ac.jp>
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-27 14:31:27 +09:00
IWASE Yusuke
f52bb7007e stplib: Adopt to Python3
In Python3, the cmp() method is no longer supported and numerical
operations evaluate value types more strictly.
So, stplib gets some errors in its calculating process.

This patch fixes these problems and enables the use of stplib on
the Python3 interpreter.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-27 14:31:21 +09:00
IWASE Yusuke
a909fa3044 rest_qos: Fix to handle the case without QoS action
Currently, rest_qos.py might fail to parse the actions field in
the QoS rules when the actions field does not have any actions
for the QoS (SET_FIELD, METER, SET_QUEUE).

This patch fixes this problem.

Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-27 14:30:47 +09:00
Michael Haro
c631c46163 packet: support relayed DHCP packet
https://tools.ietf.org/html/draft-ietf-dhc-implementation-02#section-4.7.2

states that DHCP relays should use source port 67 and dest port 67.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-27 14:25:49 +09:00
Jonas Grunert
99d641c7d4 Fix: LLDP.OrganizationallySpecific not ignoring info field
LLDP.OrganizationallySpecificTLV did not set info field and produced
malformed LLDP packets

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-14 17:34:15 +09:00
Shinpei Muraoka
b09b39c11d test_parser: Add test data for some NXAction
Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-12 13:21:47 +09:00
Shinpei Muraoka
0288ae2cfa ofproto/nx_actions: Support some NXAction
Actions to be added are as follows.
 - NXActionSample2
 - NXActionOutputTrunc

Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-12 13:21:41 +09:00
Shinpei Muraoka
eed14371b8 ofproto/nx_actions: Add comment for Ryu documents
Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-12 13:21:36 +09:00
Shinpei Muraoka
8b8162ca1f test_parser: Add test data for missing NXAction
Note: The following actions are not implemented yet,
because ovs-ofctl command is not supported.
 - NXActionRegLoad2
 - NXActionOutputReg2

Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-12 13:21:30 +09:00
Shinpei Muraoka
89f6945b7e ofproto/nx_actions: Support missing NXAction
Actions to be added are as follows.
 - NXActionDecTtlCntIds
 - NXActionStackPush
 - NXActionStackPop
 - NXActionSample
 - NXActionOutputReg2
 - NXActionRegLoad2
 - NXActionController2

Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-12 13:21:26 +09:00
Shinpei Muraoka
6daa1eedc5 ofproto/nx_actions: Update arguments to be compatible with ovs-ofctl
This patch updates the methods that are to be specified in the NXM or OXM.
Update the oxm_types specified in the bit format to the string.
Update the following NXAction.

 - NXActionOutputReg
 - NXActionMultipath
 - NXActionBundle
 - NXActionBundleLoad

Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-12 13:21:20 +09:00
Shinpei Muraoka
8e30b1f444 test_parser: Add test data for NXAction used only in OpenFlow1.0
Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-12 13:21:13 +09:00
Shinpei Muraoka
3b1a314bd0 ofproto/nx_actions: Add NXAction used only in OpenFlow1.0
There is NXAction to be used only in OpenFlow1.0.
These actions are supported by default in OpenFlow1.2 or later.
Therefore, it becomes unnecessary as the NXAction.
But, to add the NXAction in order to be able to use in OpenFlow1.0.
Actions to be added are as follows.
 - NXActionSetQueue
 - NXActionDecTtl
 - NXActionPushMpls
 - NXActionPopMpls
 - NXActionSetMplsTtl
 - NXActionDecMplsTtl
 - NXActionSetMplsLabel
 - NXActionSetMplsTc

Signed-off-by: Shinpei Muraoka <shinpei.muraoka@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
2016-07-12 13:21:05 +09:00