def sendRawRequest(socket, clientaddr, serveraddr, userid, dataid):
"""
sends 1 raw request from clientaddr to serveraddr.
"""
message = ''
message += struct.pack("i", userid)
message += struct.pack("i", dataid)
# left off: just added this
udpOut = UDP()
udpOut.sport = udpIn.dport
udpOut.dport = udpIn.sport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=ipIn.dst, dst=ipIn.src)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
# put the data id into the dcsp field. (first 6 bits of tos)
ipOut.tos = dataid << 2
ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut)
def main(serverInterface, serverIp):
dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets.
serveripn = socket.inet_aton(serverIp)
# bind on an extra socket, so the kernel knows the udp port is opened.
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind((serverIp, serverport))
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol.
# s.bind((serverip, serverport))
s.bind((serverInterface, 0))
print ("generating flows.")
flows = []
for i in range(flowct):
dstip, srcip, dstport, srcport = getFlowKey(serverIp)
flow = []
for j in range(pktsPerFlow):
message = struct.pack("i", 1)
udpOut = UDP()
udpOut.sport = srcport
udpOut.dport = dstport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=srcip, dst=dstip)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut)
eo = str(ethOut)
flow.append(str(ethOut))
flows.append(flow)
print ("%s flows generated, with %s packets each."%(len(flows), len(flows[0])))
print ("sending flows packets to: %s"%str(dstaddr))
for flow in flows:
for pktstr in flow:
s.sendto(pktstr, dstaddr)
time.sleep(delay)
print ("everything send. exiting.")
return
def main(serverInterface, serverIp):
# open a socket to the switch here. Just do a send when you have a
# permission that you want to add. You can work in the controller
# interface later on, connect right to the switch, for now.
declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
declassifierSocket.connect((declassifierIp, declassifierPort))
print ("connected to declassifier.")
serveripn = socket.inet_aton(serverIp)
# bind on an extra socket, so the kernel knows the udp port is opened.
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind((serverIp, serverport))
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol.
# s.bind((serverip, serverport))
s.bind((serverInterface, 0))
print ("Starting listening loop.")
currentPermissions = set() # cache of the current permissions for flows.
while True:
pkt, srcaddr = s.recvfrom(1514) # 1500 is the mtu.. but still will this work?
print srcaddr
# print srcaddr
# srcaddr = list(srcaddr)
# srcaddr[2] = 4
# srcaddr = tuple(srcaddr)
if len(pkt)>4:
ethIn = Ethernet(pkt)
if type(ethIn.data) == IP:
ipIn = ethIn.data
if type(ipIn.data) == UDP:
udpIn = ipIn.data
if (ipIn.dst == serveripn) and (ipIn.data.dport == serverport):
# print ("got server packet")
userid, dataid = struct.unpack("ii", udpIn.data)
# print ("got request for user id: %s data id: %s"%(userid, dataid))
# print ("writing flow information to file. ")
# flowData = "%s,%s,%s,%s:%s\n"%(socket.inet_ntoa(ipIn.src), socket.inet_ntoa(ipIn.dst), udpIn.sport, udpIn.dport, userid)
# f = open(flowDataFile, "a")
# f.write(flowData)
# f.close()
# pack the information about the flow, that
# you send to the declassifier.
permission = userid
flowPermission = ''
flowPermission += ipIn.dst
flowPermission += ipIn.src
flowPermission += struct.pack("!H", udpIn.dport)
flowPermission += struct.pack("!H", udpIn.sport)
flowPermission += struct.pack("!i", permission)
# add the permissions, if they're not added yet.
if flowPermission not in currentPermissions:
currentPermissions.add(flowPermission)
# print ("intended message: %s (%s) --> %s (%s)"%\
# (socket.inet_ntoa(ipIn.dst), udpIn.dport, socket.inet_ntoa(ipIn.src), udpIn.sport))
# send the permission information to the declassifier.
# print ("sending %s bytes to declassifier"%len(flowPermission))
declassifierSocket.send(flowPermission)
# time.sleep(.000001)
# print("flow permissions sent to declassifier.")
# response just indicates whether the user has
# permission to access it according to the
# server. If you see a 0 response at the client,
# something is wrong.
if userid == dataid:
message = struct.pack("i", 1)
else:
message = struct.pack("i", 0)
# print ("sending message back to client")
udpOut = UDP()
udpOut.sport = udpIn.dport
udpOut.dport = udpIn.sport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=ipIn.dst, dst=ipIn.src)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
# put the data id into the dcsp field. (first 6 bits of tos)
ipOut.tos = dataid << 2
ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut)
# print ("-----")
# print len(message)
# print len(str(udpOut))
# print len(str(ipOut))
# print len(ethOut)
# print len(udpIn)
# print len(udpOut)
# print "_--------_"
# print str(udpIn).encode('hex_codec')
# print str(udpOut).encode('hex_codec')
# print `ethOut`
ethOut = str(ethOut)
s.sendto(ethOut, srcaddr)
def main(serverInterface, serverIp):
dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets.
# open a socket to the switch here. Just do a send when you have a
# permission that you want to add. You can work in the controller
# interface later on, connect right to the switch, for now.
declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
declassifierSocket.connect((declassifierIp, declassifierPort))
print ("connected to declassifier.")
serveripn = socket.inet_aton(serverIp)
# bind on an extra socket, so the kernel knows the udp port is opened.
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.bind((serverIp, serverport))
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol.
# s.bind((serverip, serverport))
s.bind((serverInterface, 0))
print ("generating permissions")
permissionrecords = set()
for i in range(permissionct):
dstip = socket.inet_aton(socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))))
srcip = socket.inet_aton(serverIp)
dstport = random.randint(1, 50000)
srcport = serverport
permissionrecord = (dstip, srcip, dstport, srcport)
permissionrecords.add(permissionrecord)
permission = 1 # the valid permission is always 1.
flowPermission = ''
flowPermission += srcip
flowPermission += dstip
flowPermission += struct.pack("!H", srcport)
flowPermission += struct.pack("!H", dstport)
flowPermission += struct.pack("!i", permission)
declassifierSocket.send(flowPermission)
time.sleep(permissionDelay)
declassifierSocket.close()
print ("%s unique flow permissions generated and send to declassifier."%len(permissionrecords))
print ("generating valid flows.")
validflows = []
permissionrecords = list(permissionrecords)
for i in range(validflowct):
validrecord = permissionrecords[i]
dstip, srcip, dstport, srcport = validrecord
flow = []
for j in range(pktsPerFlow):
message = struct.pack("i", 1)
udpOut = UDP()
udpOut.sport = srcport
udpOut.dport = dstport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=srcip, dst=dstip)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
ipOut.tos = 1 << 2 # these are valid flows, so put 1 into the ip dscp field.
ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut)
eo = str(ethOut)
flow.append(str(ethOut))
validflows.append(flow)
print ("%s valid flows generated, with %s packets each."%(len(validflows), len(validflows[0])))
print ("generating invalidflows")
invalidflows = []
for i in range(len(validflows), len(validflows)+invalidflowct):
validrecord = permissionrecords[i]
dstip, srcip, dstport, srcport = validrecord
flow = []
for j in range(pktsPerFlow):
message = struct.pack("i", 1)
udpOut = UDP()
udpOut.sport = srcport
udpOut.dport = dstport
udpOut.data = message
udpOut.ulen=len(udpOut)
udpOut = UDP(str(udpOut))
ipOut = IP(src=srcip, dst=dstip)
ipOut.p = 0x11
ipOut.data = UDP(str(udpOut))
ipOut.v = 4
ipOut.len = len(ipOut)
if j == invalidPacketLoc:
ipOut.tos = 0 << 2 # mark the invalid packet.
else:
ipOut.tos = 1 << 2 # mark the valid packets.
ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut)
flow.append(str(ethOut))
invalidflows.append(flow)
print ("%s invalid flows generated, with %s packets each."%(len(invalidflows), len(invalidflows[0])))
print ("sending valid flows packets to: %s"%str(dstaddr))
for flow in validflows:
for pktstr in flow:
s.sendto(pktstr, dstaddr)
time.sleep(delay)
print ("sending invalid flow packets to: %s"%str(dstaddr))
for flow in invalidflows:
for pktstr in flow:
s.sendto(pktstr, dstaddr)
time.sleep(delay)
print ("everything send. exiting.")
return
