Merge pull request #119 from asimeth-do/udp-matching

Add ability to match UDP source/destination ports

Author: ecbaldwin

AUTHORS

@@ -14,3 +14,4 @@ Kei Nohguchi <[email protected]>
 Neal Shrader <[email protected]>
 Sangeetha Srikanth <[email protected]>
 Franck Rupin <[email protected]>
+Adam Simeth <[email protected]>

ovs/match.go

@@ -75,6 +75,8 @@ const (
 	tunTTL      = "tun_ttl"
 	tunv6DST    = "tun_ipv6_dst"
 	tunv6SRC    = "tun_ipv6_src"
+	udpDST      = "udp_dst"
+	udpSRC      = "udp_src"
 	vlanTCI1    = "vlan_tci1"
 	vlanTCI     = "vlan_tci"
 )
@@ -879,8 +881,7 @@ func (m *arpProtocolAddressMatch) GoString() string {
 	return fmt.Sprintf("ovs.ARPTargetProtocolAddress(%q)", m.ip)
 }
 
-// TransportSourcePort matches packets with a transport layer (TCP/UDP) source
-// port matching port.
+// TransportSourcePort matches packets with a TCP source port matching port.
 func TransportSourcePort(port uint16) Match {
 	return &transportPortMatch{
 		srcdst: source,
@@ -889,8 +890,7 @@ func TransportSourcePort(port uint16) Match {
 	}
 }
 
-// TransportDestinationPort matches packets with a transport layer (TCP/UDP)
-// destination port matching port.
+// TransportDestinationPort matches packets with a TCP destination port matching port.
 func TransportDestinationPort(port uint16) Match {
 	return &transportPortMatch{
 		srcdst: destination,
@@ -899,8 +899,7 @@ func TransportDestinationPort(port uint16) Match {
 	}
 }
 
-// TransportSourceMaskedPort matches packets with a transport layer (TCP/UDP)
-// source port matching a masked port range.
+// TransportSourceMaskedPort matches packets with TCP source port matching a masked port range.
 func TransportSourceMaskedPort(port uint16, mask uint16) Match {
 	return &transportPortMatch{
 		srcdst: source,
@@ -909,8 +908,7 @@ func TransportSourceMaskedPort(port uint16, mask uint16) Match {
 	}
 }
 
-// TransportDestinationMaskedPort matches packets with a transport layer (TCP/UDP)
-// destination port matching a masked port range.
+// TransportDestinationMaskedPort matches packets with a TCP destination port matching a masked port range.
 func TransportDestinationMaskedPort(port uint16, mask uint16) Match {
 	return &transportPortMatch{
 		srcdst: destination,
@@ -919,6 +917,124 @@ func TransportDestinationMaskedPort(port uint16, mask uint16) Match {
 	}
 }
 
+// UDPSourcePort matches packets with a UDP source port matching port.
+func UDPSourcePort(port uint16) Match {
+	return &udpPortMatch{
+		srcdst: source,
+		port:   port,
+		mask:   0,
+	}
+}
+
+// UDPDestinationPort matches packets with a UDP destination port matching port.
+func UDPDestinationPort(port uint16) Match {
+	return &udpPortMatch{
+		srcdst: destination,
+		port:   port,
+		mask:   0,
+	}
+}
+
+// UDPSourceMaskedPort matches packets with UDP source port matching a masked port range.
+func UDPSourceMaskedPort(port uint16, mask uint16) Match {
+	return &udpPortMatch{
+		srcdst: source,
+		port:   port,
+		mask:   mask,
+	}
+}
+
+// UDPDestinationMaskedPort matches packets with a UDP destination port matching a masked port range.
+func UDPDestinationMaskedPort(port uint16, mask uint16) Match {
+	return &udpPortMatch{
+		srcdst: destination,
+		port:   port,
+		mask:   mask,
+	}
+}
+
+// A udpPortMatch is a Match returned by Udp{Source,Destination}Port.
+type udpPortMatch struct {
+	srcdst string
+	port   uint16
+	mask   uint16
+}
+
+var _ Match = &udpPortMatch{}
+
+// A udpPortRange reprsents the start and end values of a udp protocol port range.
+type udpPortRange struct {
+	srcdst    string
+	startPort uint16
+	endPort   uint16
+}
+
+// UDPDestinationPortRange represent a port range intended for a UDP protocol destination port.
+func UDPDestinationPortRange(startPort uint16, endPort uint16) TransportPortRanger {
+	return &udpPortRange{
+		srcdst:    destination,
+		startPort: startPort,
+		endPort:   endPort,
+	}
+}
+
+// UDPSourcePortRange represent a port range intended for a UDP protocol source port.
+func UDPSourcePortRange(startPort uint16, endPort uint16) TransportPortRanger {
+	return &udpPortRange{
+		srcdst:    source,
+		startPort: startPort,
+		endPort:   endPort,
+	}
+}
+
+// MaskedPorts returns the represented port ranges as an array of bitwise matches.
+func (pr *udpPortRange) MaskedPorts() ([]Match, error) {
+	portRange := PortRange{
+		Start: pr.startPort,
+		End:   pr.endPort,
+	}
+
+	bitRanges, err := portRange.BitwiseMatch()
+	if err != nil {
+		return nil, err
+	}
+
+	var ports []Match
+
+	for _, br := range bitRanges {
+		maskedPortRange := &udpPortMatch{
+			srcdst: pr.srcdst,
+			port:   br.Value,
+			mask:   br.Mask,
+		}
+		ports = append(ports, maskedPortRange)
+	}
+
+	return ports, nil
+}
+
+// MarshalText implements Match.
+func (m *udpPortMatch) MarshalText() ([]byte, error) {
+	return matchUDPPort(m.srcdst, m.port, m.mask)
+}
+
+// GoString implements Match.
+func (m *udpPortMatch) GoString() string {
+	if m.mask > 0 {
+		if m.srcdst == source {
+			return fmt.Sprintf("ovs.UdpSourceMaskedPort(%#x, %#x)", m.port, m.mask)
+		}
+
+		return fmt.Sprintf("ovs.UdpDestinationMaskedPort(%#x, %#x)", m.port, m.mask)
+	}
+
+	if m.srcdst == source {
+		return fmt.Sprintf("ovs.UdpSourcePort(%d)", m.port)
+	}
+
+	return fmt.Sprintf("ovs.UdpDestinationPort(%d)", m.port)
+}
+
 // A transportPortMatch is a Match returned by Transport{Source,Destination}Port.
 type transportPortMatch struct {
 	srcdst string
@@ -1491,6 +1607,17 @@ func matchTransportPort(srcdst string, port uint16, mask uint16) ([]byte, error)
 	return bprintf("tp_%s=0x%04x/0x%04x", srcdst, port, mask), nil
 }
 
+// matchUDPPort is the common implementation for
+// Udp{Source,Destination}Port.
+func matchUDPPort(srcdst string, port uint16, mask uint16) ([]byte, error) {
+	// No mask specified
+	if mask == 0 {
+		return bprintf("udp_%s=%d", srcdst, port), nil
+	}
+
+	return bprintf("udp_%s=0x%04x/0x%04x", srcdst, port, mask), nil
+}
+
 // IPFragFlag is a string type which can be used with the IPFragMatch.
 type IPFragFlag string
 

ovs/match_test.go

@@ -922,6 +922,111 @@ func TestMatchTransportPortRange(t *testing.T) {
 	}
 }
 
+func TestMatchUdp(t *testing.T) {
+	var tests = []struct {
+		desc string
+		m    Match
+		out  string
+	}{
+		{
+			desc: "source port 80",
+			m:    UDPSourcePort(80),
+			out:  "udp_src=80",
+		},
+		{
+			desc: "source port 65535",
+			m:    UDPSourcePort(65535),
+			out:  "udp_src=65535",
+		},
+		{
+			desc: "destination port 22",
+			m:    UDPDestinationPort(22),
+			out:  "udp_dst=22",
+		},
+		{
+			desc: "destination port 8080",
+			m:    UDPDestinationPort(8080),
+			out:  "udp_dst=8080",
+		},
+		{
+			desc: "source port range 16/0xfff0 (16-31)",
+			m:    UDPSourceMaskedPort(0x10, 0xfff0),
+			out:  "udp_src=0x0010/0xfff0",
+		},
+		{
+			desc: "destination port range 16/0xfff0 (16-31)",
+			m:    UDPDestinationMaskedPort(0x10, 0xfff0),
+			out:  "udp_dst=0x0010/0xfff0",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.desc, func(t *testing.T) {
+			out, err := tt.m.MarshalText()
+			if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+
+			if want, got := tt.out, string(out); want != got {
+				t.Fatalf("unexpected Match output:\n- want: %q\n-  got: %q",
+					want, got)
+			}
+		})
+	}
+}
+
+func TestMatchUdpPortRange(t *testing.T) {
+	var tests = []struct {
+		desc string
+		pr   TransportPortRanger
+		m    []Match
+	}{
+		{
+			desc: "destination port range 16-31",
+			pr:   UDPDestinationPortRange(16, 31),
+			m: []Match{
+				UDPDestinationMaskedPort(0x10, 0xfff0),
+			},
+		},
+		{
+			desc: "source port range 16-31",
+			pr:   UDPSourcePortRange(16, 31),
+			m: []Match{
+				UDPSourceMaskedPort(0x10, 0xfff0),
+			},
+		},
+		{
+			desc: "destination port range 16-32",
+			pr:   UDPDestinationPortRange(16, 32),
+			m: []Match{
+				UDPDestinationMaskedPort(0x10, 0xfff0),
+				UDPDestinationMaskedPort(0x20, 0xffff),
+			},
+		},
+		{
+			desc: "source port range 16-32",
+			pr:   UDPSourcePortRange(16, 32),
+			m: []Match{
+				UDPSourceMaskedPort(0x10, 0xfff0),
+				UDPSourceMaskedPort(0x20, 0xffff),
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.desc, func(t *testing.T) {
+			m, err := tt.pr.MaskedPorts()
+			if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+			if want, got := tt.m, m; !reflect.DeepEqual(want, got) {
+				t.Fatalf("unexpected Match:\n- want: %q\n-  got: %q",
+					want, got)
+			}
+		})
+	}
+}
+
 func TestMatchVLANTCI(t *testing.T) {
 	var tests = []struct {
 		desc string

ovs/matchparser.go

@@ -35,7 +35,7 @@ func parseMatch(key string, value string) (Match, error) {
 		return parseIntMatch(key, value, math.MaxUint8)
 	case ctZone:
 		return parseIntMatch(key, value, math.MaxUint16)
-	case tpSRC, tpDST:
+	case tpSRC, tpDST, udpSRC, udpDST:
 		return parsePort(key, value, math.MaxUint16)
 	case conjID:
 		return parseIntMatch(key, value, math.MaxUint32)
@@ -215,6 +215,10 @@ func parsePort(key string, value string, max int) (Match, error) {
 		return TransportSourceMaskedPort(uint16(values[0]), uint16(values[1])), nil
 	case tpDST:
 		return TransportDestinationMaskedPort(uint16(values[0]), uint16(values[1])), nil
+	case udpSRC:
+		return UDPSourceMaskedPort(uint16(values[0]), uint16(values[1])), nil
+	case udpDST:
+		return UDPDestinationMaskedPort(uint16(values[0]), uint16(values[1])), nil
 	}
 	// Return error if input is invalid
 	return nil, fmt.Errorf("no action matched for %s=%s", key, value)