forked from udacity/gt-cs6250
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request udacity#1 from ben-jones/assignment-7
Assignment 7
- Loading branch information
Showing
3 changed files
with
145 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| id,mac_0,mac_1 | ||
| 1,00:00:00:00:00:01,00:00:00:00:00:02 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| ''' | ||
| Coursera: | ||
| - Software Defined Networking (SDN) course | ||
| -- Module 4 Programming Assignment | ||
| Professor: Nick Feamster | ||
| Teaching Assistant: Muhammad Shahbaz | ||
| ''' | ||
|
|
||
| from pox.core import core | ||
| import pox.openflow.libopenflow_01 as of | ||
| from pox.lib.revent import * | ||
| from pox.lib.util import dpidToStr | ||
| from pox.lib.addresses import EthAddr | ||
| from collections import namedtuple | ||
| import os | ||
| from csv import DictReader | ||
|
|
||
|
|
||
| log = core.getLogger() | ||
| policyFile = "%s/pox/pox/misc/firewall-policies.csv" % os.environ[ 'HOME' ] | ||
|
|
||
| # Add your global variables here ... | ||
|
|
||
| # Note: Policy is data structure which contains a single | ||
| # source-destination flow to be blocked on the controller. | ||
| Policy = namedtuple('Policy', ('dl_src', 'dl_dst')) | ||
|
|
||
|
|
||
| class Firewall (EventMixin): | ||
|
|
||
| def __init__ (self): | ||
| self.listenTo(core.openflow) | ||
| log.debug("Enabling Firewall Module") | ||
|
|
||
| def read_policies (self, file): | ||
| with open(file, 'r') as f: | ||
| reader = DictReader(f, delimiter = ",") | ||
| policies = {} | ||
| for row in reader: | ||
| policies[row['id']] = Policy(EthAddr(row['mac_0']), EthAddr(row['mac_1'])) | ||
| return policies | ||
|
|
||
| def _handle_ConnectionUp (self, event): | ||
| policies = self.read_policies(policyFile) | ||
| for policy in policies.itervalues(): | ||
| # TODO: implement the code to add a rule to block the flow | ||
| # between the source and destination specified in each policy | ||
|
|
||
| # Note: The policy data structure has two fields which you can | ||
| # access to turn the policy into a rule. policy.dl_src will | ||
| # give you the source mac address and policy.dl_dst will give | ||
| # you the destination mac address | ||
|
|
||
| # Note: Set the priority for your rule to 20 so that it | ||
| # doesn't conflict with the learning bridge setup | ||
| pass | ||
|
|
||
| log.debug("Firewall rules installed on %s", dpidToStr(event.dpid)) | ||
|
|
||
| def launch (): | ||
| ''' | ||
| Starting the Firewall module | ||
| ''' | ||
| core.registerNew(Firewall) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| ''' | ||
| Coursera: | ||
| - Software Defined Networking (SDN) course | ||
| -- Module 6 Programming Assignment | ||
| Professor: Nick Feamster | ||
| Teaching Assistant: Muhammad Shahbaz | ||
| ''' | ||
|
|
||
| ################################################################################ | ||
| # The Pyretic Project # | ||
| # frenetic-lang.org/pyretic # | ||
| # author: Joshua Reich ([email protected]) # | ||
| ################################################################################ | ||
| # Licensed to the Pyretic Project by one or more contributors. See the # | ||
| # NOTICES file distributed with this work for additional information # | ||
| # regarding copyright and ownership. The Pyretic Project licenses this # | ||
| # file to you under the following license. # | ||
| # # | ||
| # Redistribution and use in source and binary forms, with or without # | ||
| # modification, are permitted provided the following conditions are met: # | ||
| # - Redistributions of source code must retain the above copyright # | ||
| # notice, this list of conditions and the following disclaimer. # | ||
| # - Redistributions in binary form must reproduce the above copyright # | ||
| # notice, this list of conditions and the following disclaimer in # | ||
| # the documentation or other materials provided with the distribution. # | ||
| # - The names of the copyright holds and contributors may not be used to # | ||
| # endorse or promote products derived from this work without specific # | ||
| # prior written permission. # | ||
| # # | ||
| # Unless required by applicable law or agreed to in writing, software # | ||
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # | ||
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # | ||
| # LICENSE file distributed with this work for specific language governing # | ||
| # permissions and limitations under the License. # | ||
| ################################################################################ | ||
|
|
||
| from pyretic.lib.corelib import * | ||
| from pyretic.lib.std import * | ||
|
|
||
| # insert the name of the module and policy you want to import | ||
| from pyretic.examples.pyretic_switch import act_like_switch | ||
| from csv import DictReader | ||
| from collections import namedtuple | ||
| import os | ||
|
|
||
| policy_file = "%s/pyretic/pyretic/examples/firewall-policies.csv" % os.environ[ 'HOME' ] | ||
| Policy = namedtuple('Policy', ('mac_0', 'mac_1')) | ||
|
|
||
| def main(): | ||
| # Read in the policies from the firewall-policies.csv file | ||
| def read_policies (file): | ||
| with open(file, 'r') as f: | ||
| reader = DictReader(f, delimiter = ",") | ||
| policies = {} | ||
| for row in reader: | ||
| policies[row['id']] = Policy(MAC(row['mac_0']), MAC(row['mac_1'])) | ||
| return policies | ||
|
|
||
| policies = read_policies(policy_file) | ||
|
|
||
| # start with a policy that doesn't match any packets | ||
| not_allowed = none | ||
|
|
||
| # and add traffic that isn't allowed | ||
| # Note: this uses the same policy named tuple from the POX | ||
| # firewall code. Please refer there for further info | ||
| for policy in policies.itervalues(): | ||
| not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> ) | ||
|
|
||
| # express allowed traffic in terms of not_allowed - hint use '~' | ||
| allowed = <...> | ||
|
|
||
| # and only send allowed traffic to the mac learning (act_like_switch) logic | ||
| return allowed >> act_like_switch() | ||
|
|
||
|
|
||
|
|