Remember that you will need to rewrite every packet in the connection in both
directions. You will need to install flow rules such that each packet comes to
the controller, and you'll need to rewrite addresses in both directions.
Remember that the packets from the machine on port 3 will contain that
machine's IP address as the source, which isn't the IP address the packets are
addressed to as far as the sender is concerned.
Is there any reason why you need to rewrite the seq/ack numbers too, as you
seem to be doing below? This will make things harder, and you'll need to save
some state on the controller and continue rewriting them for every packet in
the connection too.
This is a difficult approach.
Yes, the approach I suggest can be done in mininet. You'll probably have to
run the "middlebox" process inside mininet, though.
-- Murphy
On Aug 24, 2011, at 12:28 AM, Kalapriya Kannan1 wrote:
>
> hi McCauley,
>
> By original connection I mean that the connection is to a machine on port 2
> (so no header rewriting to the machine on port 2), but i am trying to
> interpret it and send it to a machine on port 3. I am trying to do this in
> the mininet, so is it possible to achieve the approach you have mentioned in
> mininet?
>
> regards,
> kalapriya.
>
>
>
>
> From: Murphy McCauley <jam...@nau.edu>
> To: Kalapriya Kannan1/India/IBM@IBMIN
> Cc: nox-dev@noxrepo.org
> Date: 08/24/2011 07:30 AM
> Subject: Re: [nox-dev] IP header rewriting in PySwitch
>
>
>
> It's difficult to guess from here.
>
> One thing that strikes me is that you say that it works if you send it to a
> machine on port 2, but not to a machine on port 3. I assume you mean if you
> change the destination IP address and destination ethernet address AND send
> it out port 2.
>
> I'm not sure what you're trying to accomplish, but one thing to consider
> might be to actually create a proxy process. Have it listen on some port.
> When you see a connection you want to proxy, install a flow to rewrite the
> header and output port so it ends up at the proxy. Then have the proxy
> connect to the remote host. This is going to be way more efficient than
> having every packet from the flow go through OpenFlow and NOX.
>
> -- Murphy
>
> On Aug 23, 2011, at 6:32 PM, Kalapriya Kannan1 wrote:
>
>
> hi Murphy,
>
> I take your suggestion that we should install flows to rewrite headers, but
> the scenario I wanted to handle is somewhat like a proxy scenario that
> interprets a tcp connection and tries to open a new tcp connection to a new
> destination. I try to do this ..
>
> # Receive the packet from the inport
> if (inport =1 )
> ippacket =packet.find('ipv4')
>
> #change the sequence and ack to X and Y, sequence number seems to be correct
> as i can see the packet in the wireshark.
> tcppacket.seq =X
> tcppacket.ack = Y
> ippacket.set_payload(tcppacket)
>
>
> #change the destination ip
> ippacket.dstip = convert_to_ipaddr("X.X.X.X")
>
> #create a ethernet packet and set this ip as payload
> replypkt =ethernet()
> replypkt.set_payload(ippacket)
>
> #find the tcp packet in this ethernetpacket and calculate the sum
> outgoing_tcp = replypkt.find('tcp')
> outgoing_tcp.csum = outgoing_tcp.checksum()
>
> #set the tcp back as payload for ip and then for ethernet
> ippacket.set_payload(outgoing_tcp)
> replypkt.set_payload(ippacket)
>
> replypkt.type = ethernet.IP_TYPE
> replypkt.src = octstr_to_array("00:00:00:00:00:0b")
> replypkt.dst = octstr_to_array("00:00:00:00:00:0d")
>
> #Send it to a host on port 3, the orginal packets are actually destined to a
> machines on port 2, but i am redirecting with header rewritten to port 3
> outport=3
> inst.send_openflow_packet(dpid,replypkt.tostring(),3)
>
> I am again able to see this packet in the wireshark (sequence numbers seems
> to be correct) and also in the tcp dump of the host machine (on port 3). If i
> directly send the packets to port 2 (original connection), the connection is
> established and the application responds with a message that connection is
> established. But with port 3 it is not happening on the host machine.
>
>
>
> From: Murphy McCauley <jam...@nau.edu>
> To: Kalapriya Kannan1/India/IBM@IBMIN
> Cc: nox-dev@noxrepo.org
> Date: 08/21/2011 01:04 AM
> Subject: Re: [nox-dev] IP header rewriting in PySwitch
>
>
>
> Well for one thing, the checksum in the TCP portion is going to be wrong
> since you changed the IP address.
> So you'll need to have something similar to the following in there before you
> actually send it:
> tcppkt = replypkt.find('tcp')
> if tcppkt is not None: tcppkt.csum = tcppkt.checksum()
>
> (That's from memory, it might be a bit off.)
>
> I'm not sure what other problems you might have with the packet. That one
> should have actually showed up in Wireshark, though. Please take a close
> look at the packet that actually gets to the destination and make sure it's
> all correct.
>
> Another problem you may be having is that if you let pyswitch install a flow,
> you'll stop seeing these packets at the controller and thus stop being able
> to rewrite them.
>
> If all you want to do is rewrite some fields in the IP header, you should
> consider using OpenFlow to do it (by installing a flow with some rewrite
> actions) rather than actually doing it within NOX.
>
> Hope that helps.
>
> -- Murphy
>
> On Aug 20, 2011, at 10:51 AM, Kalapriya Kannan1 wrote:
>
>
> hi,
>
> I am trying to re-write IP header in pyswitch using the following code below
>
> /* obtain ip header and packet for the incoming packet*.
>
> if packet.type == ethernet.IP_TYPE:
> iph = packet.find('ipv4')
>
> /* if there is a incoming packet in port 1, rewrite the header to have
> destination ip address to "X.X.X.X" */
>
> if(inport ==1 ):
> iph.dstip = convert_to_ipaddr("X.X.X.X")
> replypkt =ethernet()
> replypkt.set_payload(iph)
> replypkt.type = ethernet.IP_TYPE
> replypkt.src = octstr_to_array("00:00:00:00:00:0b")
> replypkt.dst = octstr_to_array("00:00:00:00:00:0d")
> outport=3
> inst.send_openflow_packet(dpid,replypkt.tostring(),outport)
> print "Information in the outgoing packet"
> ip_packet = replypkt.find('ipv4')
> print ip_packet
> print ip_packet.srcip
> print ip_packet.dstip
>
> I extract the ip, change the dstip in ip header to X.X.X.X. A ethernet packet
> is created which will carry this IP in its payload.
> I try to perform a simple TCP connection.
>
> Using wireshark I am able to see a TCP syn packet arriving at port 3. A host
> whose IP is X.X.X.X attached to port 3 with ethernet address
> "00:00:00:00:00:0d" is also able to receive it. I am able to observe this
> using tcpdump. But the host on port 3 is not generating a syn +ack packet in
> response to this syn. Am I missing something?
> _______________________________________________
> nox-dev mailing list
> nox-dev@noxrepo.org
> http://noxrepo.org/mailman/listinfo/nox-dev
>
>
_______________________________________________
nox-dev mailing list
nox-dev@noxrepo.org
http://noxrepo.org/mailman/listinfo/nox-dev
