'''
Coursera:
- Software Defined Networking (SDN) course
-- Module 4 Programming Assignment
Professor: Nick Feamster
Teaching Assistant: Muhammad Shahbaz
'''
'''
Yuwei Zhang
V00805647
'''
from pox.core import core
import pox.openflow.libopenflow_01 as of
from pox.lib.revent import *
from pox.lib.util import dpidToStr
from pox.lib.addresses import EthAddr
from collections import namedtuple
import os
''' Add your imports here ... '''
import csv
# Module-wide logger handed out by the POX core.
log = core.getLogger()

# Path of the CSV that lists the MAC pairs to block, built from $HOME.
# os.environ['HOME'] raises KeyError when HOME is not set.
# NOTE(review): this file decides what the firewall drops, so write access
# to it should be limited to whoever operates the controller - confirm the
# permissions on the deployed file.
policyFile = "%s/pox/pox/misc/firewall-policies.csv" % (os.environ['HOME'],)
''' Add your global variables here ... '''
class Firewall (EventMixin):
    '''
    POX component that pushes static MAC-pair drop rules to every switch.

    The blocked pairs are read once, when the component is constructed, from
    the CSV file named by policyFile. Each row must provide the columns
    mac_0 and mac_1. Later edits to the file are not picked up by this class.
    '''

    def __init__ (self):
        '''
        Subscribe to OpenFlow events and load the blocked MAC pairs.

        NOTE(review): nothing here catches errors, so a missing policy file,
        a row without mac_0/mac_1, or a value EthAddr() rejects raises out of
        the constructor. Check how the controller behaves in that case, since
        the switches would then never receive these drop rules.
        '''
        self.listenTo(core.openflow)

        # (source, destination) EthAddr tuples, one per CSV row. Each tuple
        # becomes one drop rule per switch in _handle_ConnectionUp.
        self.disbaled_MAC_pair = []

        # NOTE(review): 'rb' is the mode the Python 2 csv module expects;
        # Python 3's csv needs a text-mode file - confirm which interpreter
        # this POX installation runs on.
        with open(policyFile, 'rb') as policy_handle:
            # DictReader keys each row by the header line of the CSV.
            self.disbaled_MAC_pair.extend(
                (EthAddr(row['mac_0']), EthAddr(row['mac_1']))
                for row in csv.DictReader(policy_handle)
            )

        log.debug("Enabling Firewall Module")

    def _handle_ConnectionUp (self, event):
        '''
        Install one drop rule per blocked MAC pair on the connecting switch.

        event -- the ConnectionUp event; the flow mods are sent over
                 event.connection and event.dpid is used for the log line.
        '''
        # NOTE(review): each pair is matched in one direction only
        # (dl_src = mac_0, dl_dst = mac_1). Frames sent from mac_1 to mac_0
        # are not matched by these rules - confirm the policy is meant to be
        # directional, or list both orders in the CSV.
        for blocked_src, blocked_dst in self.disbaled_MAC_pair:
            pair_match = of.ofp_match()
            pair_match.dl_src = blocked_src
            pair_match.dl_dst = blocked_dst

            drop_rule = of.ofp_flow_mod()
            drop_rule.match = pair_match
            # Top of the 0..65535 priority range, so the drop rule takes
            # precedence over overlapping lower-priority entries.
            drop_rule.priority = 65535
            # The drop is expressed as an output to OFPP_NONE.
            # NOTE(review): OpenFlow 1.0 also drops when a flow has no actions
            # at all. Confirm the target switches accept this action: a
            # rejected flow mod would leave the pair unblocked, and this class
            # has no handler for an error reply.
            drop_rule.actions.append(of.ofp_action_output(port=of.OFPP_NONE))

            event.connection.send(drop_rule)

        log.debug("Firewall rules installed on %s", dpidToStr(event.dpid))
def launch ():
    '''
    Start the firewall module by registering Firewall with the POX core.

    registerNew constructs the component, so the policy file is read here.
    '''
    core.registerNew(Firewall)