new to ryu
i want the controller to diver the flow to a honeypot when it receives an
alert from snort
(using the simple switch snort); but its not working the way i want ;
attaching the code below
from __future__ import print_function
import array
from ryu.base import app_manager
from ryu.controller import ofp_event
from ryu.controller.handler import CONFIG_DISPATCHER, MAIN_DISPATCHER
from ryu.controller.handler import set_ev_cls
from ryu.ofproto import ofproto_v1_3
from ryu.lib.packet import packet
from ryu.lib.packet import ethernet
from ryu.lib.packet import ipv4, ipv6
from ryu.lib.packet import icmp, tcp, udp, arp
from ryu.lib import snortlib
class SimpleSwitchSnort(app_manager.RyuApp):
OFP_VERSIONS = [ofproto_v1_3.OFP_VERSION]
_CONTEXTS = {'snortlib': snortlib.SnortLib}
def __init__(self, *args, **kwargs):
super(SimpleSwitchSnort, self).__init__(*args, **kwargs)
self.snort = kwargs['snortlib']
self.snort_port = 3
self.mac_to_port = {}
self.datapath = None
socket_config = {'unixsock': False}
self.snort.set_config(socket_config)
self.snort.start_socket_server()
def packet_print(self, pkt):
pkt = packet.Packet(array.array('B', pkt))
eth = pkt.get_protocol(ethernet.ethernet)
_ipv4 = pkt.get_protocol(ipv4.ipv4)
_icmp = pkt.get_protocol(icmp.icmp)
if _icmp:
self.logger.info("%r", _icmp)
if _ipv4:
self.logger.info("%r", _ipv4)
if eth:
self.logger.info("%r", eth)
# for p in pkt.protocols:
# if hasattr(p, 'protocol_name') is False:
# break
# print('p: %s' % p.protocol_name)
#ipv4_dst = "192.168.1.4"
#actions = [parser.OFPActionOutput(ipv4_dst)]
#self.add_flow(datapath, priority, match, actions)
@set_ev_cls(snortlib.EventAlert, MAIN_DISPATCHER)
def process_snort_alert(self, ev):
self._dump_alert(ev)
msg = ev.msg
alertmsg = ''.join(msg.alertmsg)
if 'ryu block' in alertmsg:
self.logger.info('Diverting this flow:{0}'.format(alertmsg))
self.send_divert_flowrule(msg)
def _dump_alert(self, ev):
msg = ev.msg
print('alertmsg: %s' % ''.join(msg.alertmsg))
self.packet_print(msg.pkt)
@set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER)
def switch_features_handler(self, ev):
datapath = ev.msg.datapath
self.datapath = datapath
self.logger.info('add datapath id: {0}'.format(datapath.id))
ofproto = datapath.ofproto
parser = datapath.ofproto_parser
# install table-miss flow entry
#
# We specify NO BUFFER to max_len of the output action due to
# OVS bug. At this moment, if we specify a lesser number, e.g.,
# 128, OVS will send Packet-In with invalid buffer_id and
# truncated packet data. In that case, we cannot output packets
# correctly.
match = parser.OFPMatch()
actions = [parser.OFPActionOutput(ofproto.OFPP_CONTROLLER,
ofproto.OFPCML_NO_BUFFER)]
self.add_flow(datapath, 0, match, actions)
def add_flow(self, datapath, priority, match, actions):
ofproto = datapath.ofproto
parser = datapath.ofproto_parser
inst = [parser.OFPInstructionActions(ofproto.OFPIT_APPLY_ACTIONS,
actions)]
mod = parser.OFPFlowMod(datapath=datapath, priority=priority,
match=match, instructions=inst)
datapath.send_msg(mod)
@set_ev_cls(ofp_event.EventOFPPacketIn, MAIN_DISPATCHER)
def _packet_in_handler(self, ev):
msg = ev.msg
datapath = msg.datapath
ofproto = datapath.ofproto
parser = datapath.ofproto_parser
in_port = msg.match['in_port']
pkt = packet.Packet(msg.data)
eth = pkt.get_protocols(ethernet.ethernet)[0]
dst = eth.dst
src = eth.src
dpid = datapath.id
self.mac_to_port.setdefault(dpid, {})
# self.logger.info("packet in %s %s %s %s", dpid, src, dst, in_port)
# learn a mac address to avoid FLOOD next time.
self.mac_to_port[dpid][src] = in_port
if dst in self.mac_to_port[dpid]:
out_port = self.mac_to_port[dpid][dst]
else:
out_port = ofproto.OFPP_FLOOD
actions = [parser.OFPActionOutput(out_port),
parser.OFPActionOutput(self.snort_port)]
# install a flow to avoid packet_in next time
if out_port != ofproto.OFPP_FLOOD:
match = parser.OFPMatch(in_port=in_port, eth_dst=dst)
self.add_flow(datapath, 1, match, actions)
data = None
if msg.buffer_id == ofproto.OFP_NO_BUFFER:
data = msg.data
out = parser.OFPPacketOut(datapath=datapath,
buffer_id=msg.buffer_id,
in_port=in_port, actions=actions,
data=data)
datapath.send_msg(out)
def send_divert_flowrule(self, msg):
datapath = self.datapath
if datapath is None:
self.logger.info('no switch detected ')
return
ofproto = datapath.ofproto
parser = datapath.ofproto_parser
pkt = packet.Packet(array.array('B',msg.pkt))
pkt_eth = pkt.get_protocol(ethernet.ethernet)
mac_src = pkt_eth.src
eth_type = pkt_eth.ethertype
pkt_ipv4 = pkt.get_protocol(ipv4.ipv4)
if pkt_ipv4:
dst = pkt_ipv4.dst
src = "10.0.0.1"
ip_proto = pkt_ipv4.proto
pkt_tcp = pkt.get_protocol(tcp.tcp)
pkt_udp = pkt.get_protocol(udp.udp)
pkt_icmp = pkt.get_protocol(icmp.icmp)
#TCP flow
if pkt_tcp:
self.logger.info('received tcp packet')
L4_pkt = pkt_tcp
L4_src = L4_pkt.src_port
L4_dst = L4_pkt.dst_port
match = parser.OFPMatch(eth_src=mac_src,
eth_type=0x0800, ipv4_dst=pkt_ipv4.dst,
ipv4_src="10.0.0.1",
ip_proto=ip_proto, tcp_src=L4_src,
tcp_dst=L4_dst)
elif pkt_udp:
self.logger.info('received udp packet')
L4_pkt = pkt_udp
L4_src = L4_pkt.src_port
L4_dst = L4_pkt.dst_port
match = parser.OFPMatch(eth_src=mac_src,
eth_type=eth_type,
ipv4_dst=pkt_ipv4.dst, ipv4_src="10.0.0.1",
ip_proto=ip_proto, udp_src=L4_src,
udp_dst=L4_dst)
elif pkt_icmp:
self.logger.info('received icmp packet')
match = parser.OFPMatch(eth_src=mac_src,
eth_type=eth_type,
ipv4_dst=pkt_ipv4.dst, ipv4_src="10.0.0.1",
ip_proto=ip_proto)
else:
return
#out_port = 3
priority = 100
#actions = [parser.OFPActionOutput(out_port)]
#actions -modify packet header to change destination addr(this
is the redirect action part )
action_modify_headers =
[parser.OFPActionSetField(eth_dst="08:00:27:13:98:c5"),
parser.OFPActionSetField(ipv4_dst="192.168.1.4"),
parser.OFPActionOutput(2)]
self.add_flow(datapath, priority, match1, actions)
datapath.send_msg(out)
# def add_flow(self, datapath, priority, match, actions,
idle_timeout=0, hard_timeout=0, buffer_id=None):
# ofproto = datapath.ofproto
# parser = datapath.ofproto_parser
#
# inst = [parser.OFPInstructionActions(ofproto.OFPIT_APPLY_ACTIONS,
actions)]
# if buffer_id:
# mod = parser.OFPFlowMod(datapath = datapath, buffer_id =
buffer_id, priority = priority, match = match, instructions = inst)
# else:
# mod = parser.OFPFlowMod(datapath = datapath, priority =
priority, match = match, instructions = inst)
#
# datapath.send_msg(mod)
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel
