Safe Haskell | Safe-Infered |
---|
Everything necessary to build a controller atop NetCore, using Nettle as a backend.
- controller :: Policy -> IO ()
- dynController :: Chan Policy -> Chan (Loc, ByteString) -> IO ()
- data Policy
- (==>) :: Predicate -> Action -> Policy
- (<%>) :: Policy -> Predicate -> Policy
- (<+>) :: Monoid a => a -> a -> a
- data Predicate
- exactMatch :: Packet -> Predicate
- inport :: Switch -> Port -> Predicate
- (<||>) :: Predicate -> Predicate -> Predicate
- (<&&>) :: Predicate -> Predicate -> Predicate
- matchAll :: Predicate
- matchNone :: Predicate
- neg :: Predicate -> Predicate
- prSubtract :: Predicate -> Predicate -> Predicate
- prOr :: [Predicate] -> Predicate
- prAnd :: [Predicate] -> Predicate
- onSwitch :: Switch -> Predicate
- dlSrc :: Word48 -> Predicate
- dlDst :: Word48 -> Predicate
- dlTyp :: Word16 -> Predicate
- dlVlan :: Word16 -> Predicate
- dlNoVlan :: Predicate
- dlVlanPcp :: Word8 -> Predicate
- nwSrc :: Word32 -> Predicate
- nwDst :: Word32 -> Predicate
- nwSrcPrefix :: Word32 -> Int -> Predicate
- nwDstPrefix :: Word32 -> Int -> Predicate
- nwProto :: Word8 -> Predicate
- nwTos :: Word8 -> Predicate
- tpSrc :: Word16 -> Predicate
- tpDst :: Word16 -> Predicate
- inPort :: Port -> Predicate
- data Action
- dropPkt :: Action
- forward :: [Port] -> Action
- allPorts :: Modification -> Action
- modify :: [(Port, Modification)] -> Action
- countBytes :: Int -> IO (Chan (Switch, Integer), Action)
- countPkts :: Int -> IO (Chan (Switch, Integer), Action)
- getPkts :: IO (Chan (Switch, Packet), Action)
- data Modification
- unmodified :: Modification
- type Switch = Word64
- type Port = Word16
- type Vlan = Word16
- data Loc = Loc Switch Port
- type Word48 = EthernetAddress
- broadcastAddress :: EthernetAddress
- data EthernetAddress
- data Packet = Packet {}
- modDlSrc :: Word48 -> Modification
- modDlDst :: Word48 -> Modification
- modDlVlan :: Maybe Vlan -> Modification
- modDlVlanPcp :: Word8 -> Modification
- modNwSrc :: Word32 -> Modification
- modNwDst :: Word32 -> Modification
- modNwTos :: Word8 -> Modification
- modTpSrc :: Word16 -> Modification
- modTpDst :: Word16 -> Modification
- select :: Chan a -> Chan b -> IO (Chan (Either a b))
- both :: Chan a -> Chan b -> IO (Chan (a, b))
- data Slice = Slice {}
- type Topo = Gr () Port
- buildGraph :: [((Node, Port), (Node, Port))] -> Topo
- internalSlice :: Topo -> Slice
- simpleSlice :: Topo -> Predicate -> Slice
- transform :: [(Slice, Policy)] -> Policy
- transformEdge :: Topo -> [(Slice, Policy)] -> Policy
- dynTransform :: [(Slice, Chan Policy)] -> IO (Chan Policy)
OpenFlow Controllers
controller :: Policy -> IO ()Source
Starts an OpenFlow controller that runs a static NetCore program.
Starts an OpenFlow controller that runs dynamic NetCore programs.
The controller reads NetCore programs from the given channel. When the controller receives a program on the channel, it compiles it and reconfigures the network to run it.
Policies
Policies denote functions from (switch, packet) to packets.
(==>) :: Predicate -> Action -> PolicySource
Abbreviation for constructing a basic policy from a predicate and an action.
(<%>) :: Policy -> Predicate -> PolicySource
Restrict a policy to act over packets matching the predicate.
(<+>) :: Monoid a => a -> a -> aSource
Join: overloaded to find the union of policies and the join of actions.
Predicates
Predicates to match packets.
exactMatch :: Packet -> PredicateSource
A predicate that exactly matches a packet's headers.
inport :: Switch -> Port -> PredicateSource
Construct the predicate matching packets on this switch and port
prSubtract :: Predicate -> Predicate -> PredicateSource
Construct the set difference between p1 and p2
Exact match predicate constructors
nwSrc :: Word32 -> PredicateSource
Match source IP address.
This is only meaningful in combination with 'dlTyp 0x0800'.
nwSrcPrefix :: Word32 -> Int -> PredicateSource
Match a prefix of the source IP address.
nwDstPrefix :: Word32 -> Int -> PredicateSource
Match a prefix of the destination IP address.
Actions
Constructors
:: Modification | modifications to apply to the packet. Use 'allPorts unmodified' to make no modifications. |
-> Action |
Forward the packet out of all physical ports, except the packet's ingress port.
modify :: [(Port, Modification)] -> ActionSource
Forward the packet out of the specified physical ports with modifications.
Each port has its own record of modifications, so modifications at one port do not interfere with modifications at another port.
Modifications
data Modification Source
For each fields with a value Just v, modify that field to be v. If the field is Nothing then there is no modification of that field.
Network Elements
type Word48 = EthernetAddressSource
Ethernet addresses are 48-bits wide.
data EthernetAddress Source
Packets
Packets' headers.
Packet | |
|
Packet modifications
modDlSrc :: Word48 -> ModificationSource
modDlDst :: Word48 -> ModificationSource
modDlVlan :: Maybe Vlan -> ModificationSource
modNwSrc :: Word32 -> ModificationSource
modNwDst :: Word32 -> ModificationSource
modNwTos :: Word8 -> ModificationSource
modTpSrc :: Word16 -> ModificationSource
modTpDst :: Word16 -> ModificationSource
Channels
select :: Chan a -> Chan b -> IO (Chan (Either a b))Source
Produce a new channel that carries updates from both of the input channels, but does not wait for both to be ready. Analogous to Unix SELECT(2) followed by READ(2) on the ready file descriptor.
both :: Chan a -> Chan b -> IO (Chan (a, b))Source
Produce a new channel that waits for both input channels to produce a value, and then yields the latest version of both values. If one channel produces multiple values before the other produces any, then the early values are discarded. Afterwards, whenever one channel updates, the output channel yields that update along with whatever the current version of the other channel is.
Slices
A slice represents a subgraph of the network for the purposes of isolating programs from each other.
The interface to a slice has two components: a topology comprising switches, ports, and links; and a collection of predicates, one for each outward-facing edge port.
We represent the topology as a collection of locations in the network, and the predicates as a mapping from locations to predicates.
Intuitively, packets may travel freely between internal locations, but must satisfy the associated predicate to enter the slice at an ingress location, or leave the slice at an egress location. If an external port is not listed in the ingress or egress set, then no packets may enter or leave (respectively) on that port.
Topology constructors
buildGraph :: [((Node, Port), (Node, Port))] -> TopoSource
Build a graph from list of undirected edges labeled with their ports Ensures that the resulting graph is undirected-equivalent, and labels each directed edge with the appropriate port to send a packet over that edge from the source switch.
By convention, hosts have a single port 0, and non-hosts have any number of non-zero ports. If 0 is in the ports of a node, it is considered to be a host regardless of other ports that may be present.
Slice constructors
internalSlice :: Topo -> SliceSource
Produce a slice that exactly covers the given topology, with no ingress or egress ports.
simpleSlice :: Topo -> Predicate -> SliceSource
Produce a slice with all the switches in topo, and predicate applied to all in- and out-bound connections to hosts
Compilation
transform :: [(Slice, Policy)] -> PolicySource
Produce the combined policy by compiling a list of slices and policies with the vanilla compiler