Gitiles
Code Review Sign In
gerrit.onosproject.org / onos-app-samples / a9964eaaf92c176bfa58a61fa1a07ba73e154da4 / . / sdx-l3 / src / main / java / org / onosproject / sdxl3 / SdxL3ArpHandler.java
blob: 795d3015a786a6d4fb3a17761a8a5305d142b26b [file] [log] [blame]
Andreas Papazoisa9964ea2016-01-08 15:58:22 +0200[diff] [blame^]1/*
2 * Copyright 2016 Open Networking Laboratory
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16package org.onosproject.sdxl3;
17
18import org.onlab.packet.ARP;
19import org.onlab.packet.Ethernet;
20import org.onlab.packet.ICMP6;
21import org.onlab.packet.IPv6;
22import org.onlab.packet.Ip4Address;
23import org.onlab.packet.Ip6Address;
24import org.onlab.packet.IpAddress;
25import org.onlab.packet.MacAddress;
26import org.onlab.packet.VlanId;
27import org.onlab.packet.ndp.NeighborAdvertisement;
28import org.onlab.packet.ndp.NeighborDiscoveryOptions;
29import org.onlab.packet.ndp.NeighborSolicitation;
30import org.onosproject.incubator.net.intf.Interface;
31import org.onosproject.incubator.net.intf.InterfaceService;
32import org.onosproject.net.ConnectPoint;
33import org.onosproject.net.Host;
34import org.onosproject.net.edge.EdgePortService;
35import org.onosproject.net.flow.DefaultTrafficTreatment;
36import org.onosproject.net.flow.TrafficTreatment;
37import org.onosproject.net.host.HostService;
38import org.onosproject.net.packet.DefaultOutboundPacket;
39import org.onosproject.net.packet.InboundPacket;
40import org.onosproject.net.packet.PacketService;
41import org.onosproject.routing.config.BgpConfig;
42
43import java.nio.ByteBuffer;
44import java.util.Set;
45import java.util.stream.Collectors;
46
47import static com.google.common.base.Preconditions.checkArgument;
48import static com.google.common.base.Preconditions.checkNotNull;
49import static org.onosproject.net.HostId.hostId;
50import static org.onosproject.security.AppGuard.checkPermission;
51import static org.onosproject.security.AppPermission.Type.PACKET_WRITE;
52
53public class SdxL3ArpHandler {
54
55 private static final String REQUEST_NULL = "ARP or NDP request cannot be null.";
56 private static final String MSG_NOT_REQUEST = "Message is not an ARP or NDP request";
57
58 private BgpConfig bgpConfig;
59 private EdgePortService edgeService;
60 private HostService hostService;
61 private PacketService packetService;
62 private InterfaceService interfaceService;
63
64 private enum Protocol {
65 ARP, NDP
66 }
67
68 private enum MessageType {
69 REQUEST, REPLY
70 }
71
72 /**
73 * Creates an ArpHandler object.
74 *
75 */
76 public SdxL3ArpHandler(BgpConfig bgpConfig,
77 EdgePortService edgeService,
78 HostService hostService,
79 PacketService packetService,
80 InterfaceService interfaceService) {
81 this.bgpConfig = bgpConfig;
82 this.edgeService = edgeService;
83 this.hostService = hostService;
84 this.packetService = packetService;
85 this.interfaceService = interfaceService;
86 }
87
88 /**
89 * Processes incoming ARP packets.
90 *
91 * @param pkt incoming packet
92 */
93 public void processPacketIn(InboundPacket pkt) {
94 checkPermission(PACKET_WRITE);
95
96 Ethernet eth = pkt.parsed();
97 checkNotNull(eth, REQUEST_NULL);
98
99 ConnectPoint inPort = pkt.receivedFrom();
100 MessageContext context = createContext(eth, inPort);
101 if (context != null) {
102 replyInternal(context);
103 }
104 }
105
106 /**
107 * Handles a request message also when it concerns an SDX peering address.
108 *
109 * If the MAC address of the target is known, we can reply directly to the
110 * requestor. Otherwise, we forward the request out other ports in an
111 * attempt to find the correct host.
112 *
113 * @param context request message context to process
114 */
115 private void replyInternal(MessageContext context) {
116 checkNotNull(context);
117 checkArgument(context.type() == MessageType.REQUEST, MSG_NOT_REQUEST);
118
119 if (hasIpAddress(context.inPort())) {
120 // If the request came from outside the network, only reply if it was
121 // for one of our external addresses.
122
123 interfaceService.getInterfacesByPort(context.inPort())
124 .stream()
125 .filter(intf -> intf.ipAddresses()
126 .stream()
127 .anyMatch(ia -> ia.ipAddress().equals(context.target())))
128 .forEach(intf -> buildAndSendReply(context, intf.mac()));
129
130 if (!isPeerAddress(context.sender()) || !isPeerAddress(context.target())) {
131 // Only care about requests from/towards external BGP peers
132 return;
133 }
134 }
135
136 // See if we have the target host in the host store
137 Set<Host> hosts = hostService.getHostsByIp(context.target());
138
139 Host dst = null;
140 Host src = hostService.getHost(hostId(context.srcMac(), context.vlan()));
141
142 for (Host host : hosts) {
143 if (host.vlan().equals(context.vlan())) {
144 dst = host;
145 break;
146 }
147 }
148
149 if (src != null && dst != null) {
150 // We know the target host so we can respond
151 buildAndSendReply(context, dst.mac());
152 return;
153 }
154
155 // If the source address matches one of our external addresses
156 // it could be a request from an internal host to an external
157 // address. Forward it over to the correct port.
158 boolean matched = false;
159 Set<Interface> interfaces = interfaceService.getInterfacesByIp(context.sender());
160 for (Interface intf : interfaces) {
161 if (intf.vlan().equals(context.vlan())) {
162 matched = true;
163 sendTo(context.packet(), intf.connectPoint());
164 break;
165 }
166 }
167
168 if (matched) {
169 return;
170 }
171
172 // If the packets has a vlanId look if there are some other
173 // interfaces in the configuration on the same vlan and broadcast
174 // the packet out just of through those interfaces.
175 VlanId vlanId = context.vlan();
176
177 Set<Interface> filteredVlanInterfaces =
178 filterVlanInterfacesNoIp(interfaceService.getInterfacesByVlan(vlanId));
179
180 if (vlanId != null
181 && !vlanId.equals(VlanId.NONE)
182 && confContainsVlans(vlanId, context.inPort())) {
183 vlanFlood(context.packet(), filteredVlanInterfaces, context.inPort);
184 return;
185 }
186
187 // The request couldn't be resolved.
188 // Flood the request on all ports except the incoming port.
189 flood(context.packet(), context.inPort());
190 }
191
192 private boolean isPeerAddress(IpAddress ip) {
193 return bgpConfig.bgpSpeakers()
194 .stream()
195 .flatMap(speaker -> speaker.peers().stream())
196 .anyMatch(peerAddress -> peerAddress.equals(ip));
197 }
198
199 private Set<Interface> filterVlanInterfacesNoIp(Set<Interface> vlanInterfaces) {
200 return vlanInterfaces
201 .stream()
202 .filter(intf -> intf.ipAddresses().isEmpty())
203 .collect(Collectors.toSet());
204 }
205
206 /**
207 * States if the interface configuration contains more than one interface configured
208 * on a specific vlan, including the interface passed as argument.
209 *
210 * @param vlanId the vlanid to look for in the interface configuration
211 * @param connectPoint the connect point to exclude from the search
212 * @return true if interfaces are found. False otherwise
213 */
214 private boolean confContainsVlans(VlanId vlanId, ConnectPoint connectPoint) {
215 Set<Interface> vlanInterfaces = interfaceService.getInterfacesByVlan(vlanId);
216 return interfaceService.getInterfacesByVlan(vlanId)
217 .stream()
218 .anyMatch(intf -> intf.connectPoint().equals(connectPoint) && intf.ipAddresses().isEmpty())
219 && vlanInterfaces.size() > 1;
220 }
221
222 /**
223 * Builds and sends a reply message given a request context and the resolved
224 * MAC address to answer with.
225 *
226 * @param context message context of request
227 * @param targetMac MAC address to be given in the response
228 */
229 private void buildAndSendReply(MessageContext context, MacAddress targetMac) {
230 switch (context.protocol()) {
231 case ARP:
232 sendTo(ARP.buildArpReply((Ip4Address) context.target(),
233 targetMac, context.packet()), context.inPort());
234 break;
235 case NDP:
236 sendTo(buildNdpReply((Ip6Address) context.target(), targetMac,
237 context.packet()), context.inPort());
238 break;
239 default:
240 break;
241 }
242 }
243
244 /**
245 * Outputs a packet out a specific port.
246 *
247 * @param packet the packet to send
248 * @param outPort the port to send it out
249 */
250 private void sendTo(Ethernet packet, ConnectPoint outPort) {
251 sendTo(outPort, ByteBuffer.wrap(packet.serialize()));
252 }
253
254 /**
255 * Outputs a packet out a specific port.
256 *
257 * @param outPort port to send it out
258 * @param packet packet to send
259 */
260 private void sendTo(ConnectPoint outPort, ByteBuffer packet) {
261 if (!edgeService.isEdgePoint(outPort)) {
262 // Sanity check to make sure we don't send the packet out an
263 // internal port and create a loop (could happen due to
264 // misconfiguration).
265 return;
266 }
267
268 TrafficTreatment.Builder builder = DefaultTrafficTreatment.builder();
269 builder.setOutput(outPort.port());
270 packetService.emit(new DefaultOutboundPacket(outPort.deviceId(),
271 builder.build(), packet));
272 }
273
274 /**
275 * Returns whether the given port has any IP addresses configured or not.
276 *
277 * @param connectPoint the port to check
278 * @return true if the port has at least one IP address configured,
279 * false otherwise
280 */
281 private boolean hasIpAddress(ConnectPoint connectPoint) {
282 return interfaceService.getInterfacesByPort(connectPoint)
283 .stream()
284 .flatMap(intf -> intf.ipAddresses().stream())
285 .findAny()
286 .isPresent();
287 }
288
289 /**
290 * Returns whether the given port has any VLAN configured or not.
291 *
292 * @param connectPoint the port to check
293 * @return true if the port has at least one VLAN configured,
294 * false otherwise
295 */
296 private boolean hasVlan(ConnectPoint connectPoint) {
297 return interfaceService.getInterfacesByPort(connectPoint)
298 .stream()
299 .filter(intf -> !intf.vlan().equals(VlanId.NONE))
300 .findAny()
301 .isPresent();
302 }
303
304 /**
305 * Flood the arp request at all edges on a specifc VLAN.
306 *
307 * @param request the arp request
308 * @param dsts the destination interfaces
309 * @param inPort the connect point the arp request was received on
310 */
311 private void vlanFlood(Ethernet request, Set<Interface> dsts, ConnectPoint inPort) {
312 TrafficTreatment.Builder builder = null;
313 ByteBuffer buf = ByteBuffer.wrap(request.serialize());
314
315 for (Interface intf : dsts) {
316 ConnectPoint cPoint = intf.connectPoint();
317 if (cPoint.equals(inPort)) {
318 continue;
319 }
320
321 builder = DefaultTrafficTreatment.builder();
322 builder.setOutput(cPoint.port());
323 packetService.emit(new DefaultOutboundPacket(cPoint.deviceId(),
324 builder.build(), buf));
325 }
326 }
327
328 /**
329 * Flood the arp request at all edges in the network.
330 *
331 * @param request the arp request
332 * @param inPort the connect point the arp request was received on
333 */
334 private void flood(Ethernet request, ConnectPoint inPort) {
335 TrafficTreatment.Builder builder = null;
336 ByteBuffer buf = ByteBuffer.wrap(request.serialize());
337
338 for (ConnectPoint connectPoint : edgeService.getEdgePoints()) {
339 if (hasIpAddress(connectPoint)
340 || hasVlan(connectPoint)
341 || connectPoint.equals(inPort)) {
342 continue;
343 }
344
345 builder = DefaultTrafficTreatment.builder();
346 builder.setOutput(connectPoint.port());
347 packetService.emit(new DefaultOutboundPacket(connectPoint.deviceId(),
348 builder.build(), buf));
349 }
350 }
351
352 /**
353 * Builds an Neighbor Discovery reply based on a request.
354 *
355 * @param srcIp the IP address to use as the reply source
356 * @param srcMac the MAC address to use as the reply source
357 * @param request the Neighbor Solicitation request we got
358 * @return an Ethernet frame containing the Neighbor Advertisement reply
359 */
360 private Ethernet buildNdpReply(Ip6Address srcIp, MacAddress srcMac,
361 Ethernet request) {
362 Ethernet eth = new Ethernet();
363 eth.setDestinationMACAddress(request.getSourceMAC());
364 eth.setSourceMACAddress(srcMac);
365 eth.setEtherType(Ethernet.TYPE_IPV6);
366 eth.setVlanID(request.getVlanID());
367
368 IPv6 requestIp = (IPv6) request.getPayload();
369 IPv6 ipv6 = new IPv6();
370 ipv6.setSourceAddress(srcIp.toOctets());
371 ipv6.setDestinationAddress(requestIp.getSourceAddress());
372 ipv6.setHopLimit((byte) 255);
373
374 ICMP6 icmp6 = new ICMP6();
375 icmp6.setIcmpType(ICMP6.NEIGHBOR_ADVERTISEMENT);
376 icmp6.setIcmpCode((byte) 0);
377
378 NeighborAdvertisement nadv = new NeighborAdvertisement();
379 nadv.setTargetAddress(srcIp.toOctets());
380 nadv.setSolicitedFlag((byte) 1);
381 nadv.setOverrideFlag((byte) 1);
382 nadv.addOption(NeighborDiscoveryOptions.TYPE_TARGET_LL_ADDRESS,
383 srcMac.toBytes());
384
385 icmp6.setPayload(nadv);
386 ipv6.setPayload(icmp6);
387 eth.setPayload(ipv6);
388 return eth;
389 }
390
391 /**
392 * Attempts to create a MessageContext for the given Ethernet frame. If the
393 * frame is a valid ARP or NDP request or response, a context will be
394 * created.
395 *
396 * @param eth input Ethernet frame
397 * @param inPort in port
398 * @return MessageContext if the packet was ARP or NDP, otherwise null
399 */
400 private MessageContext createContext(Ethernet eth, ConnectPoint inPort) {
401 if (eth.getEtherType() == Ethernet.TYPE_ARP) {
402 return createArpContext(eth, inPort);
403 } else if (eth.getEtherType() == Ethernet.TYPE_IPV6) {
404 return createNdpContext(eth, inPort);
405 }
406
407 return null;
408 }
409
410 /**
411 * Extracts context information from ARP packets.
412 *
413 * @param eth input Ethernet frame that is thought to be ARP
414 * @param inPort in port
415 * @return MessageContext object if the packet was a valid ARP packet,
416 * otherwise null
417 */
418 private MessageContext createArpContext(Ethernet eth, ConnectPoint inPort) {
419 if (eth.getEtherType() != Ethernet.TYPE_ARP) {
420 return null;
421 }
422
423 ARP arp = (ARP) eth.getPayload();
424
425 IpAddress target = Ip4Address.valueOf(arp.getTargetProtocolAddress());
426 IpAddress sender = Ip4Address.valueOf(arp.getSenderProtocolAddress());
427
428 MessageType type;
429 if (arp.getOpCode() == ARP.OP_REQUEST) {
430 type = MessageType.REQUEST;
431 } else if (arp.getOpCode() == ARP.OP_REPLY) {
432 type = MessageType.REPLY;
433 } else {
434 return null;
435 }
436
437 return new MessageContext(eth, inPort, Protocol.ARP, type, target, sender);
438 }
439
440 /**
441 * Extracts context information from NDP packets.
442 *
443 * @param eth input Ethernet frame that is thought to be NDP
444 * @param inPort in port
445 * @return MessageContext object if the packet was a valid NDP packet,
446 * otherwise null
447 */
448 private MessageContext createNdpContext(Ethernet eth, ConnectPoint inPort) {
449 if (eth.getEtherType() != Ethernet.TYPE_IPV6) {
450 return null;
451 }
452 IPv6 ipv6 = (IPv6) eth.getPayload();
453
454 if (ipv6.getNextHeader() != IPv6.PROTOCOL_ICMP6) {
455 return null;
456 }
457 ICMP6 icmpv6 = (ICMP6) ipv6.getPayload();
458
459 IpAddress sender = Ip6Address.valueOf(ipv6.getSourceAddress());
460 IpAddress target = null;
461
462 MessageType type;
463 if (icmpv6.getIcmpType() == ICMP6.NEIGHBOR_SOLICITATION) {
464 type = MessageType.REQUEST;
465 NeighborSolicitation nsol = (NeighborSolicitation) icmpv6.getPayload();
466 target = Ip6Address.valueOf(nsol.getTargetAddress());
467 } else if (icmpv6.getIcmpType() == ICMP6.NEIGHBOR_ADVERTISEMENT) {
468 type = MessageType.REPLY;
469 } else {
470 return null;
471 }
472
473 return new MessageContext(eth, inPort, Protocol.NDP, type, target, sender);
474 }
475
476 /**
477 * Provides context information for a particular ARP or NDP message, with
478 * a unified interface to access data regardless of protocol.
479 */
480 private class MessageContext {
481 private Protocol protocol;
482 private MessageType type;
483
484 private IpAddress target;
485 private IpAddress sender;
486
487 private Ethernet eth;
488 private ConnectPoint inPort;
489
490
491 public MessageContext(Ethernet eth, ConnectPoint inPort,
492 Protocol protocol, MessageType type,
493 IpAddress target, IpAddress sender) {
494 this.eth = eth;
495 this.inPort = inPort;
496 this.protocol = protocol;
497 this.type = type;
498 this.target = target;
499 this.sender = sender;
500 }
501
502 public ConnectPoint inPort() {
503 return inPort;
504 }
505
506 public Ethernet packet() {
507 return eth;
508 }
509
510 public Protocol protocol() {
511 return protocol;
512 }
513
514 public MessageType type() {
515 return type;
516 }
517
518 public VlanId vlan() {
519 return VlanId.vlanId(eth.getVlanID());
520 }
521
522 public MacAddress srcMac() {
523 return MacAddress.valueOf(eth.getSourceMACAddress());
524 }
525
526 public IpAddress target() {
527 return target;
528 }
529
530 public IpAddress sender() {
531 return sender;
532 }
533 }
534
535}