havox 0.11.1

data/lib/havox/classes/rule_sanitizer.rb

@@ -0,0 +1,42 @@
+module Havox
+  class RuleSanitizer
+    attr_reader :sanitized_rules
+
+    SET_VLAN_ID_REGEX = /SetField\(vlan,\s?(?<vlan_id>\d+)\)/
+    VLAN_MATCH_REGEX  = /vlanId\s?=\s?(?<vlan_id>\d+)/
+    SELF_VLAN_REGEX   = /\s?and\svlanId\s?=\s?65535/
+
+    def initialize(raw_rules)
+      @raw_rules = raw_rules
+      @setted_vlan_ids = []
+      @sanitized_rules = []
+      scan_setted_vlan_ids
+      sanitize
+    end
+
+    private
+
+    # Main method which iterates over all the rules and cleans them.
+    def sanitize
+      @raw_rules.each do |raw_rule|
+        mod_raw_rule = raw_rule.gsub(SELF_VLAN_REGEX, '')
+        @sanitized_rules << mod_raw_rule if valid_vlan?(mod_raw_rule)
+      end
+    end
+
+    # Determines all VLAN IDs defined by the SetField action.
+    def scan_setted_vlan_ids
+      @raw_rules.each do |raw_rule|
+        match_data = raw_rule.match(SET_VLAN_ID_REGEX)
+        @setted_vlan_ids << match_data[:vlan_id] unless match_data.nil?
+      end
+    end
+
+    # The rule is valid if it does not have matches like 'vlanId = x' or, in
+    # case it has, if 'x' is set by the SetField action.
+    def valid_vlan?(raw_rule)
+      match_data = raw_rule.match(VLAN_MATCH_REGEX)
+      match_data.nil? || @setted_vlan_ids.include?(match_data[:vlan_id])
+    end
+  end
+end

data/lib/havox/classes/topology.rb

@@ -0,0 +1,75 @@
+module Havox
+  class Topology
+    attr_reader :nodes, :edges
+
+    NODE_REGEX = /^\s*(?<name>\w+)\s?\[(?<attributes>.*)\];$/i
+    EDGE_REGEX = /^\s*(?<from>\w+)\s?->\s?(?<to>\w+)\s?\[(?<attributes>.*)\];$/i
+
+    def initialize(file_path)
+      @file_path = file_path
+      @nodes = []
+      @edges = []
+      parse_dot_file
+    end
+
+    def host_names
+      @nodes.select(&:host?).map(&:name)
+    end
+
+    def switch_ips
+      switches = @nodes.select(&:switch?)
+      switch_ip_hash = {}
+      switches.each { |s| switch_ip_hash[s.name] = s.attributes[:ip] }
+      switch_ip_hash
+    end
+
+    def switch_hosts
+      exit_edges = @edges.select { |e| e.from.switch? && e.to.host? }
+      hash = {}
+      exit_edges.each do |e|
+        if hash[e.from.name].nil?
+          hash[e.from.name] = [e.to.name]
+        else
+          hash[e.from.name] << e.to.name
+        end
+      end
+      hash
+    end
+
+    private
+
+    def parse_dot_file
+      File.read(@file_path).each_line do |line|
+        parse_node(line)
+        parse_edge(line)
+      end
+    end
+
+    def parse_node(line)
+      match = line.match(NODE_REGEX)
+      unless match.nil?
+        attributes = hashed_attributes(match[:attributes].to_s)
+        @nodes << Havox::Node.new(match[:name].to_s, attributes)
+      end
+    end
+
+    def parse_edge(line)
+      match = line.match(EDGE_REGEX)
+      unless match.nil?
+        attributes = hashed_attributes(match[:attributes].to_s)
+        node_from = @nodes.find { |n| n.name.eql?(match[:from].to_s) }
+        node_to = @nodes.find { |n| n.name.eql?(match[:to].to_s) }
+        @edges << Havox::Edge.new(node_from, node_to, attributes)
+      end
+    end
+
+    def hashed_attributes(raw_attrs)
+      hash = {}
+      raw_attrs.gsub('"', '').split(',').each do |str|
+        field, value = str.strip.split(/\s*=\s*/)
+        hash[field.to_sym] = value
+      end
+      hash
+    end
+  end
+end

data/lib/havox/classes/translator.rb

@@ -0,0 +1,37 @@
+module Havox
+  class Translator
+    # OPTIMIZE: Refactor the translation schema to be scalable.
+    # Current way of selecting the syntax via multiple match and action files
+    # is not DRY. Refactor the translation schema to be scalable, maybe using
+    # YAML or some other better structure.
+
+    include Singleton
+
+    def fields_to(syntax)
+      translation_module(syntax)::Matches::FIELDS
+    end
+
+    def matches_to(syntax, matches_array)
+      translation_module(syntax)::Matches.treat(matches_array)
+    end
+
+    def actions_to(syntax, actions_array, opts = {})
+      translation_module(syntax)::Actions.treat(actions_array, opts)
+    end
+
+    private
+
+    def translation_module(syntax)
+      case syntax
+      when :ovs       then Havox::OpenFlow10::OVS
+      when :routeflow then Havox::OpenFlow10::RouteFlow
+      when :trema     then Havox::OpenFlow10::Trema
+      else raise_unknown_translator(syntax)
+      end
+    end
+
+    def raise_unknown_translator(syntax)
+      raise Havox::UnknownTranslator, "Unknown translator '#{syntax}'"
+    end
+  end
+end

data/lib/havox/configuration.rb

@@ -0,0 +1,20 @@
+module Havox
+  class Configuration
+    attr_accessor :rf_host, :rf_user, :rf_password, :rf_lxc_names, :merlin_host,
+      :merlin_user, :merlin_password, :merlin_path, :gurobi_path,
+      :protocol_daemons
+
+    def initialize
+      @rf_host          = '192.168.56.101'
+      @rf_user          = 'routeflow'
+      @rf_password      = 'routeflow'
+      @rf_lxc_names     = %w(rfvmA rfvmB rfvmC rfvmD)
+      @merlin_host      = '192.168.56.102'
+      @merlin_user      = 'frenetic'
+      @merlin_password  = 'frenetic'
+      @merlin_path      = '/home/frenetic/merlin'
+      @gurobi_path      = '/opt/gurobi701/linux64'
+      @protocol_daemons = [:bgpd]
+    end
+  end
+end

data/lib/havox/dsl/directive.rb

@@ -0,0 +1,70 @@
+module Havox
+  module DSL
+    class Directive
+      attr_reader :switch, :attributes
+
+      MERLIN_DIC = {
+        destination_ip:   'ipDst',
+        destination_mac:  'ethDst',
+        destination_port: 'tcpDstPort',
+        ethernet_type:    'ethTyp',
+        in_port:          'port',
+        ip_protocol:      'ipProto',
+        source_ip:        'ipSrc',
+        source_mac:       'ethSrc',
+        source_port:      'tcpSrcPort',
+        vlan_id:          'vlanId',
+        vlan_priority:    'vlanPcp'
+      }
+
+      def initialize(type, switch, attributes = {})
+        @type = type
+        @switch = switch
+        @attributes = attributes
+      end
+
+      def method_missing(name, *args, &block)
+        @attributes[name] = args.first
+      end
+
+      def to_block(src_hosts, dst_hosts, qos = nil)
+        "#{foreach_code(src_hosts, dst_hosts)}\n  #{to_statement(qos)}\n"
+      end
+
+      private
+
+      def to_statement(qos)
+        fields = @attributes.map { |k, v| "#{MERLIN_DIC[k]} = #{treated(v, k)}" }
+        predicate = fields.join(' and ')
+        qos_str = qos.nil? ? '' : " at #{qos}"
+        "#{predicate} -> #{regex_path}#{qos_str};"
+      end
+
+      def format_hosts(host_names)
+        "{ #{host_names.join('; ')} }"
+      end
+
+      def foreach_code(src_hosts, dst_hosts)
+        src_hosts_str = format_hosts(src_hosts)
+        dst_hosts_str = format_hosts(dst_hosts)
+        "foreach (s, d): cross(#{src_hosts_str}, #{dst_hosts_str})"
+      end
+
+      def treated(value, field)
+        case field
+        when :source_ip      then netmask_removed(value)
+        when :destination_ip then netmask_removed(value)
+        else value
+        end
+      end
+
+      def netmask_removed(ip)
+        IPAddr.new(ip).to_s
+      end
+
+      def regex_path
+        ".* #{@switch.to_s}".strip
+      end
+    end
+  end
+end

data/lib/havox/dsl/directive_proxy.rb

@@ -0,0 +1,36 @@
+module Havox
+  module DSL
+    class DirectiveProxy
+      def exit(switch, &block)
+        eval_directive(:exit, switch, &block)
+      end
+
+      # def drop(&block)
+      #   eval_directive(:drop, nil, &block)
+      # end
+
+      def topology(file_path)
+        raise_invalid_topology(file_path) unless File.exists?(file_path)
+        topo = Havox::Topology.new(file_path)
+        Havox::Network.topology = topo
+      end
+
+      def associate(router, switch)
+        Havox::Network.devices[router.to_s] = switch.to_s
+      end
+
+      private
+
+      def eval_directive(type, switch, &block)
+        directive = Havox::DSL::Directive.new(type, switch)
+        directive.instance_eval(&block)
+        Havox::Network.directives << directive
+      end
+
+      def raise_invalid_topology(file_path)
+        raise Havox::Network::InvalidTopology,
+          "invalid topology file '#{file_path}'"
+      end
+    end
+  end
+end

data/lib/havox/dsl/examples/routeflow.hvx

@@ -0,0 +1,12 @@
+Havox::Network.define do
+  topology 'lib/merlin/topologies/routeflow.dot'
+
+  exit(:s5) { destination_port 80 }
+  exit(:s6) { destination_ip '172.50.0.0/16' }
+  exit(:s7) { source_ip '172.70.0.0/16' }
+
+  exit :s8 do
+    destination_port 20
+    destination_ip '172.50.0.0/16'
+  end
+end

data/lib/havox/dsl/network.rb

@@ -0,0 +1,64 @@
+module Havox
+  module Network
+    @directives = []
+    @devices    = {}
+    @rib        = nil
+    @topology   = nil
+
+    def self.directives; @directives end
+    def self.rib; @rib end
+    def self.devices; @devices end
+    def self.topology; @topology end
+    def self.topology=(topo); @topology = topo end
+
+    def self.define(&block)
+      reset!
+      directive_proxy = Havox::DSL::DirectiveProxy.new
+      directive_proxy.instance_eval(&block)
+      @rib = Havox::RIB.new
+      infer_associations_by_ospf
+    end
+
+    def self.transcompile(opts = {})
+      @directives.map do |d|
+        src_hosts = @topology.host_names - @topology.switch_hosts[d.switch.to_s]
+        dst_hosts = @topology.switch_hosts[d.switch.to_s]
+        d.to_block(src_hosts, dst_hosts, opts[:qos])
+      end
+    end
+
+    def self.reachable(protocol = :bgp)
+      @rib.nil? ? [] : @rib.network_list(protocol)
+    end
+
+    def self.reset!
+      @directives = []
+      @devices    = {}
+      @rib        = nil
+      @topology   = nil
+    end
+
+    class << self
+      private
+
+      def infer_associations_by_ospf
+        direct_ospf_routes = @rib.routes.select { |r| r.ospf? && r.direct? }
+        grouped_routes = direct_ospf_routes.group_by(&:network)
+        @topology.switch_ips.each do |switch_name, switch_ip|
+          associate_routers(grouped_routes, switch_name, switch_ip)
+        end
+      end
+
+      def associate_routers(grouped_routes, switch_name, switch_ip)
+        grouped_routes.each do |network_str, routes|
+          network = IPAddr.new(network_str)
+          router_name = routes.last.router
+          if network.include?(switch_ip) && @devices[router_name].nil?
+            @devices[router_name] = switch_name
+            break
+          end
+        end
+      end
+    end
+  end
+end

data/lib/havox/exceptions.rb

@@ -0,0 +1,21 @@
+module Havox
+  module Merlin
+    class ParsingError < StandardError; end
+  end
+
+  module RouteFlow
+    class UnknownProtocol < StandardError; end
+  end
+
+  module Trema
+    class UnpredictedAction < StandardError; end
+  end
+
+  module Network
+    class InvalidTopology < StandardError; end
+  end
+
+  class UnknownTranslator < StandardError; end
+  class UnknownAction < StandardError; end
+  class OperationError < StandardError; end
+end

data/lib/havox/modules/command.rb

@@ -0,0 +1,31 @@
+module Havox
+  module Command
+    class << self
+      def show_ip_route(vm_name, protocol)
+        vtysh_run(vm_name, "show ip route #{protocol}")
+      end
+
+      def vtysh_run(vm_name, command)
+        rf_command(vm_name, "/usr/bin/vtysh -c '#{command}'")
+      end
+
+      def compile(topology_file, policy_file)
+        merlin_command("-topo #{topology_file} #{policy_file} -verbose")
+      end
+
+      private
+
+      def rf_command(vm_name, command)
+        "sudo lxc-attach -n #{vm_name} -- #{command}"
+      end
+
+      def merlin_command(args)
+        env_vars = "GUROBI_HOME=\"#{Havox.configuration.gurobi_path}\" " \
+                   'PATH="${PATH}:${GUROBI_HOME}/bin" ' \
+                   'LD_LIBRARY_PATH="${GUROBI_HOME}/lib" ' \
+                   'GRB_LICENSE_FILE="${GUROBI_HOME}/gurobi.lic"'
+        "#{env_vars} #{Havox.configuration.merlin_path}/Merlin.native #{args}"
+      end
+    end
+  end
+end

data/lib/havox/modules/field_parser.rb

@@ -0,0 +1,21 @@
+module Havox
+  module FieldParser
+    def parsed_ipv4(ip_integer)
+      ip_integer = ip_integer.to_i
+      value = ip_integer.positive? ? ip_integer : (2**32 - ip_integer.abs)      # Handles two's complement integers.
+      bits = value.to_s(2).rjust(32, '0')                                       # Transforms the string number into a 32-bit sequence.
+      octets = bits.scan(/\d{8}/).map { |octet_bits| octet_bits.to_i(2) }       # Splits the sequence into decimal octets.
+      octets.join('.')                                                          # Returns the joined octets.
+    end
+
+    def basic_action(action, arg_a = nil, arg_b = nil)
+      { action: action, arg_a: arg_a, arg_b: arg_b }
+    end
+
+    def raise_unknown_action(obj)
+      raise Havox::UnknownAction,
+        "Unable to translate action #{obj[:action]} with arguments A:"         \
+        " #{obj[:arg_a]} and B: #{obj[:arg_b]}, respectively"
+    end
+  end
+end

data/lib/havox/modules/merlin.rb

@@ -0,0 +1,85 @@
+module Havox
+  module Merlin
+    class << self
+      private
+
+      ERROR_REGEX       = /Uncaught\sexception:\s*(.+)Raised/
+      BASENAME_REGEX    = /^.+\/(?<name>[^\/]+)$/
+      SEPARATOR_REGEX   = /On\sswitch\s\d+/
+      RULES_BLOCK_REGEX = /(?<=OpenFlow\srules\s)\(\d+\):#{SEPARATOR_REGEX}(.+)(?=Queue\sConfigurations)/
+
+      def config
+        Havox.configuration
+      end
+
+      def cmd
+        Havox::Command
+      end
+
+      def ssh_connection
+        Net::SSH.start(config.merlin_host, config.merlin_user, password: config.merlin_password) do |ssh|
+          yield(ssh)
+        end
+      end
+
+      def parse(result)
+        result = result.tr("\n", '').tr("\t", ' ')                              # Removes line break and tab characters.
+        check_for_errors(result)                                                # Raises an error if Merlin has errored.
+        result = result.scan(RULES_BLOCK_REGEX).flatten.first                   # Matches OpenFlow rules block.
+        return [] if result.nil?                                                # Returns an empty array if no rules were created.
+        result = result.split(SEPARATOR_REGEX)                                  # Splits the block into separated rules.
+        result.map(&:to_s)                                                      # Converts NetSSH special string to string.
+      end
+
+      def check_for_errors(result)
+        error_msg = result.scan(ERROR_REGEX).flatten.first
+        raise Havox::Merlin::ParsingError, error_msg unless error_msg.nil?
+      end
+
+      def basename(path)
+        path.match(BASENAME_REGEX)[:name]
+      end
+
+      def check_options(opts)
+        opts[:dst]    ||= "#{config.merlin_path}/examples/"                     # Sets the upload path in Merlin VM.
+        opts[:force]  ||= false                                                 # Forces Havox to ignore field conflicts.
+        opts[:basic]  ||= false                                                 # Instructs to append basic policies.
+        opts[:expand] ||= false                                                 # Expands raw rules from VLAN-based to full predicates.
+        opts[:output] ||= false                                                 # Switches Enqueue action for Output action.
+        opts[:syntax] ||= :trema                                                # Sets the output syntax for generated rules.
+      end
+    end
+
+    def self.run(command)
+      output = nil
+      ssh_connection { |ssh| output = ssh.exec!(command) }
+      output
+    end
+
+    def self.upload!(file, dst = nil)
+      dst ||= "#{config.merlin_path}/examples/"
+      ssh_connection { |ssh| ssh.scp.upload!(file, dst) }
+      true
+    end
+
+    def self.compile(topology_file, policy_file, opts = {})
+      rules = []
+      result = run(cmd.compile(topology_file, policy_file))                     # Runs Merlin in the remote VM and retrieves its output.
+      result = parse(result)                                                    # Parses the output into raw rules.
+      result = Havox::RuleSanitizer.new(result).sanitized_rules                 # Removes unwanted rule snippets.
+      result = Havox::RuleExpander.new(result).expanded_rules if opts[:expand]  # Expands each raw rule in the parsed result.
+      result.each { |raw_rule| rules << Havox::Rule.new(raw_rule, opts) }       # Creates Rule instances for each raw rule.
+      rules
+    end
+
+    def self.compile!(topology_file, policy_file, opts = {})
+      check_options(opts)
+      policy_file = Havox::ModifiedPolicy.new(topology_file, policy_file).path if opts[:basic]
+      if upload!(topology_file, opts[:dst]) && upload!(policy_file, opts[:dst])
+        topology_file = "#{opts[:dst]}#{basename(topology_file)}"
+        policy_file = "#{opts[:dst]}#{basename(policy_file)}"
+        compile(topology_file, policy_file, opts)
+      end
+    end
+  end
+end