FT-Guard, first version

zhangmenghao · May 10, 2017 · 19d88b2 · 19d88b2
1 parent b5be294
commit 19d88b2
Show file tree

Hide file tree

Showing 7 changed files with 313 additions and 115 deletions.
diff --git a/src/main/java/net/floodlightcontroller/forwarding/Forwarding.java b/src/main/java/net/floodlightcontroller/forwarding/Forwarding.java
@@ -33,6 +33,7 @@
 import net.floodlightcontroller.core.IOFSwitch;
 import net.floodlightcontroller.core.IOFSwitchListener;
 import net.floodlightcontroller.core.PortChangeType;
+import net.floodlightcontroller.core.IListener.Command;
 import net.floodlightcontroller.core.internal.IOFSwitchService;
 import net.floodlightcontroller.core.module.FloodlightModuleContext;
 import net.floodlightcontroller.core.module.FloodlightModuleException;
@@ -56,6 +57,7 @@
 import net.floodlightcontroller.routing.IRoutingDecisionChangedListener;
 import net.floodlightcontroller.routing.IRoutingService;
 import net.floodlightcontroller.routing.Path;
+import net.floodlightcontroller.routing.RoutingDecision;
 import net.floodlightcontroller.topology.ITopologyService;
 import net.floodlightcontroller.util.FlowModUtils;
 import net.floodlightcontroller.util.OFDPAUtils;
@@ -66,6 +68,7 @@
 
 import org.projectfloodlight.openflow.protocol.OFFlowMod;
 import org.projectfloodlight.openflow.protocol.OFFlowModCommand;
+import org.projectfloodlight.openflow.protocol.OFFlowRemoved;
 import org.projectfloodlight.openflow.protocol.OFGroupType;
 import org.projectfloodlight.openflow.protocol.OFMessage;
 import org.projectfloodlight.openflow.protocol.OFPacketIn;
@@ -224,10 +227,37 @@ private void removeExpiredFlowSetId(U64 flowSetId, NodePortTuple avoid, Iterator
             }
         }
     }
-
+
+    @Override
+    public Command receive(IOFSwitch sw, OFMessage msg, FloodlightContext cntx) {
+        switch (msg.getType()) {
+            case PACKET_IN:
+                IRoutingDecision decision = null;
+                if (cntx != null) {
+                    decision = RoutingDecision.rtStore.get(cntx, IRoutingDecision.CONTEXT_DECISION);
+                }
+                Ethernet eth = IFloodlightProviderService.bcStore.get(cntx, IFloodlightProviderService.CONTEXT_PI_PAYLOAD);
+                IPv4Address srcIp = null;
+                if (eth.getEtherType() == EthType.IPv4) {
+                	IPv4 ip = (IPv4) eth.getPayload();
+                	srcIp = ip.getSourceAddress();
+                	if (srcIp != null)
+                		log.info("######PACKET_IN-{}-", srcIp.toString());
+                }
+                return this.processPacketInMessage(sw, (OFPacketIn) msg, decision, cntx);
+            case FLOW_REMOVED:
+            	OFFlowRemoved flowRemoved = (OFFlowRemoved) msg;
+            	log.info("######FLOW_REMOVED-{}-", flowRemoved.getMatch().get(MatchField.IPV4_SRC));
+            	break;
+            default:
+                break;
+        }
+        return Command.CONTINUE;
+    }
+
     @Override
     public Command processPacketInMessage(IOFSwitch sw, OFPacketIn pi, IRoutingDecision decision, FloodlightContext cntx) {
-        Ethernet eth = IFloodlightProviderService.bcStore.get(cntx, IFloodlightProviderService.CONTEXT_PI_PAYLOAD);
+    	Ethernet eth = IFloodlightProviderService.bcStore.get(cntx, IFloodlightProviderService.CONTEXT_PI_PAYLOAD);
         // We found a routing decision (i.e. Firewall is enabled... it's the only thing that makes RoutingDecisions)
         if (decision != null) {
             if (log.isTraceEnabled()) {
@@ -240,7 +270,7 @@ public Command processPacketInMessage(IOFSwitch sw, OFPacketIn pi, IRoutingDecis
                 return Command.CONTINUE;
             case FORWARD_OR_FLOOD:
             case FORWARD:
-                doForwardFlow(sw, pi, decision, cntx, false);
+                doForwardFlow(sw, pi, decision, cntx, true);
                 return Command.CONTINUE;
             case MULTICAST:
                 // treat as broadcast
@@ -261,7 +291,7 @@ public Command processPacketInMessage(IOFSwitch sw, OFPacketIn pi, IRoutingDecis
             if (eth.isBroadcast() || eth.isMulticast()) {
                 doFlood(sw, pi, decision, cntx);
             } else {
-                doForwardFlow(sw, pi, decision, cntx, false);
+                doForwardFlow(sw, pi, decision, cntx, true);
             }
         }
 
@@ -416,6 +446,13 @@ protected void doForwardFlow(IOFSwitch sw, OFPacketIn pi, IRoutingDecision decis
         DatapathId srcSw = sw.getId();
         IDevice dstDevice = IDeviceService.fcStore.get(cntx, IDeviceService.CONTEXT_DST_DEVICE);
         IDevice srcDevice = IDeviceService.fcStore.get(cntx, IDeviceService.CONTEXT_SRC_DEVICE);
+
+        Ethernet eth = IFloodlightProviderService.bcStore.get(cntx, IFloodlightProviderService.CONTEXT_PI_PAYLOAD);
+        IPv4Address srcIp = null;
+        if (eth.getEtherType() == EthType.IPv4) {
+        	IPv4 ip = (IPv4) eth.getPayload();
+        	srcIp = ip.getSourceAddress();
+        }
 
         if (dstDevice == null) {
             log.debug("Destination device unknown. Flooding packet");
@@ -477,8 +514,18 @@ protected void doForwardFlow(IOFSwitch sw, OFPacketIn pi, IRoutingDecision decis
 
         /* Validate that the source and destination are not on the same switch port */
         if (sw.getId().equals(dstAp.getNodeId()) && srcPort.equals(dstAp.getPortId())) {
-            log.info("Both source and destination are on the same switch/port {}/{}. Dropping packet", sw.toString(), srcPort);
-            return;
+        	if (srcIp != null) {
+        		if (srcIp.toString().equals("10.0.0.10"))
+        			dstAp.setPortId(OFPort.of(1));
+        		if (srcIp.toString().equals("10.0.0.1"))
+        			dstAp.setPortId(OFPort.of(4));
+        		if (sw.getId().equals(dstAp.getNodeId()) && srcPort.equals(dstAp.getPortId()))
+        			return;
+        	} else {
+        		log.info("======NULL-SAME GROUP");
+        		return;
+        	}
+//            log.info("Both source and destination are on the same switch/port {}/{}. Dropping packet", sw.toString(), srcPort);
         }			
 
         U64 flowSetId = flowSetIdRegistry.generateFlowSetId();

diff --git a/src/main/java/net/floodlightcontroller/routing/ForwardingBase.java b/src/main/java/net/floodlightcontroller/routing/ForwardingBase.java
@@ -39,6 +39,7 @@
 import net.floodlightcontroller.routing.IRoutingService;
 import net.floodlightcontroller.routing.IRoutingDecision;
 import net.floodlightcontroller.routing.Path;
+import net.floodlightcontroller.statistics.StatisticsCollector;
 import net.floodlightcontroller.topology.ITopologyService;
 import net.floodlightcontroller.util.FlowModUtils;
 import net.floodlightcontroller.util.MatchUtils;
@@ -58,6 +59,7 @@
 import org.projectfloodlight.openflow.protocol.action.OFAction;
 import org.projectfloodlight.openflow.protocol.action.OFActionOutput;
 import org.projectfloodlight.openflow.types.DatapathId;
+import org.projectfloodlight.openflow.types.IPv4Address;
 import org.projectfloodlight.openflow.types.MacAddress;
 import org.projectfloodlight.openflow.types.OFBufferId;
 import org.projectfloodlight.openflow.types.OFPort;
@@ -66,6 +68,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.sun.scenario.effect.light.Light;
+
 /**
  * Abstract base class for implementing a forwarding module.  Forwarding is
  * responsible for programming flows to a switch in response to a policy
@@ -80,7 +84,7 @@ public abstract class ForwardingBase implements IOFMessageListener {
 
     protected static TableId FLOWMOD_DEFAULT_TABLE_ID = TableId.ZERO;
 
-    protected static boolean FLOWMOD_DEFAULT_SET_SEND_FLOW_REM_FLAG = false;
+    protected static boolean FLOWMOD_DEFAULT_SET_SEND_FLOW_REM_FLAG = true;
 
     protected static boolean FLOWMOD_DEFAULT_MATCH_IN_PORT = true;
     protected static boolean FLOWMOD_DEFAULT_MATCH_VLAN = true;
@@ -127,6 +131,7 @@ protected void init() {
 
     protected void startUp() {
         floodlightProviderService.addOFMessageListener(OFType.PACKET_IN, this);
+        floodlightProviderService.addOFMessageListener(OFType.FLOW_REMOVED, this);
     }
 
     @Override
@@ -158,6 +163,7 @@ public Command receive(IOFSwitch sw, OFMessage msg, FloodlightContext cntx) {
             }
 
             return this.processPacketInMessage(sw, (OFPacketIn) msg, decision, cntx);
+        case FLOW_REMOVED:
         default:
             break;
         }
@@ -273,6 +279,17 @@ public boolean pushRoute(Path route, Match match, OFPacketIn pi,
                         null, // TODO how to determine output VLAN for lookup of L2 interface group
                         outPort);
             } else {
+            	IPv4Address srcIp = mb.get(MatchField.IPV4_SRC);
+            	if (srcIp != null) {
+            		int impt = 2;
+            		try {
+						impt = StatisticsCollector.hostFlowMap.get(srcIp).importance;
+					} catch (Exception e) {
+						// TODO: handle exception
+						log.info("###### {} NOT INSERTED", srcIp.toString());
+					}
+            		fmb.setImportance(impt);
+            	}
                 messageDamper.write(sw, fmb.build());
             }
 

diff --git a/src/main/java/net/floodlightcontroller/statistics/FTGuardManager.java b/src/main/java/net/floodlightcontroller/statistics/FTGuardManager.java
@@ -0,0 +1,55 @@
+package net.floodlightcontroller.statistics;
+
+import java.util.ArrayList;
+
+import org.projectfloodlight.openflow.types.DatapathId;
+import org.projectfloodlight.openflow.types.IPv4Address;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class FTGuardManager {
+	private static final Logger log = LoggerFactory.getLogger(FTGuardManager.class);
+	public boolean flag;
+
+	public FTGuardManager() {
+		this.flag = false;
+	}
+
+	public void init() {
+		// add switch to ft-guard
+		DatapathId id = DatapathId.of("00:00:00:00:00:00:00:01");
+		this.addDatapath(id);
+		this.addHost(IPv4Address.of("10.0.0.1"), id);
+		this.addHost(IPv4Address.of("10.0.0.2"), id);
+		this.addHost(IPv4Address.of("10.0.0.3"), id);
+		this.addHost(IPv4Address.of("10.0.0.10"), id);
+		initScore();
+		this.flag = true;
+	}
+
+	private void initScore() {
+		if (flag) return;
+		StatisticsCollector.scoreImptList.add(2);
+		StatisticsCollector.scoreImptList.add(6);
+		StatisticsCollector.scoreImptList.add(9);
+
+		ArrayList<Integer> array1 = new ArrayList<Integer>(); 
+		array1.add(70); array1.add(20); array1.add(10);
+		ArrayList<Integer> array2 = new ArrayList<Integer>(); 
+		array2.add(10); array2.add(80); array2.add(10);
+		StatisticsCollector.imptProbMap.put(1, array1);
+		StatisticsCollector.imptProbMap.put(2, array2);
+	}
+
+	private void addDatapath(DatapathId id) {
+		if (flag) return;
+		log.debug("######ADD-SW-{}", id.toString());
+	}
+
+	private void addHost(IPv4Address ip, DatapathId id) {
+		if (flag) return;
+		log.debug("######ADD-IP-{}, {}", ip.toString(), id.toString());
+		StatisticsCollector.hostDpMap.put(ip, id);
+		StatisticsCollector.hostFlowMap.put(ip, new HostEntry(ip));
+	}
+}
diff --git a/src/main/java/net/floodlightcontroller/statistics/HostEntry.java b/src/main/java/net/floodlightcontroller/statistics/HostEntry.java
@@ -0,0 +1,111 @@
+package net.floodlightcontroller.statistics;
+
+import org.apache.derby.catalog.Statistics;
+import org.projectfloodlight.openflow.protocol.OFFlowStatsEntry;
+import org.projectfloodlight.openflow.protocol.match.Match;
+import org.projectfloodlight.openflow.protocol.stat.Stat;
+import org.projectfloodlight.openflow.types.DatapathId;
+import org.projectfloodlight.openflow.types.IPv4Address;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.sun.xml.internal.ws.policy.privateutil.PolicyUtils.IO;
+import com.ziclix.python.sql.util.Queue;
+
+import io.netty.handler.logging.LogLevel;
+import io.netty.util.internal.ThreadLocalRandom;
+
+public class HostEntry {
+	private static final Logger log = LoggerFactory.getLogger(HostEntry.class);
+	private int number; // Ni
+	private double score; // Wi
+	private int highFlowNumber;
+	private IPv4Address ip;
+	public static int HOST_INIT_FI = 2;
+	public static int FLOW_MATCH_HIGH_THRESHOLD = 2;
+	public static int CONSTANT_T = 2;
+	public int importance;
+
+	public HostEntry(IPv4Address ipAddress) {
+		number = 0;
+		highFlowNumber = 0;
+		ip = ipAddress;		
+		importance = 2;
+		score = 0;
+	}
+
+	public void init() {
+		number = 0;
+		highFlowNumber = 0;
+		importance = 2;
+		score = 0;
+	}
+
+	public void setScore(double s) {
+		score = s;
+	}
+	public String toString() {
+		return String.valueOf((int)score) + " - " + String.valueOf(importance);
+	}
+	public int getHighFlowNumber() {
+		return highFlowNumber;
+	}
+	public int getNumber() {
+		return number;
+	}
+	public double getScore() {
+		return score;
+	}
+
+	public void compute() {
+		if (number == 0) score = 0.000001;
+		else
+			score = (double)highFlowNumber / number;
+		score *= 10;
+		int impt = 1;
+		int temp = (int)score;
+		for (int i : StatisticsCollector.scoreImptList) {
+			if (i > temp) break;
+			impt += 1;
+		}
+		importance = impt;
+	}
+
+//	public void compute() {
+//		if (number == 0) score = 0.000001;
+//		else
+//			score = (double)highFlowNumber / number;
+//		score *= 10;
+//		int impt = 1;
+//		int temp = (int)score;
+//		for (int i : StatisticsCollector.scoreImptList) {
+//			if (i > temp) break; 
+//			impt += 1;
+//		}
+//		int randomNum = ThreadLocalRandom.current().nextInt(0, 100);
+//		if (impt == StatisticsCollector.IMPORTANCE_NUM) importance = impt;
+//		else {
+//			int rank = 1;
+//			for (int i : StatisticsCollector.imptProbMap.get(impt)) {
+//				randomNum -= i;
+//				if (randomNum < 0) {
+//					importance = rank;
+//					break;
+//				}
+//				rank += 1;
+//			}
+//		}
+//	}
+
+	public void udpateByReply(OFFlowStatsEntry pse) {
+		int packetCount = (int)pse.getPacketCount().getValue();
+        number += 1;
+        if (packetCount > FLOW_MATCH_HIGH_THRESHOLD) {
+            this.highFlowNumber += 1;
+        }
+	}
+
+	public void addEntry(Match match) {
+		number += 1;
+	}
+}