def run_adaptive_redundancy(host_num, coder_log_conf):
"""Run network application for multi-hop topology
:param host_num (int): Number of hosts
:param profile (int): To be tested profile
:param coder_log_conf (dict): Configs for logs of coders
"""
net = Containernet(controller=RemoteController,
link=TCLink,
autoStaticArp=True)
mgr = VNFManager(net)
hosts = create_topology(net, host_num)
try:
info("*** Starting network\n")
net.start()
# MARK: Use static ARP to avoid ping losses
# info("*** Ping all to update ARP tables of each host\n")
# net.pingAll()
info("*** Adding OpenFlow rules\n")
add_ovs_flows(net, host_num)
info("*** Disable Checksum offloading\n")
disable_cksum_offload(host_num)
info("*** Deploy coders\n")
coders = deploy_coders(mgr, hosts)
# Wait for coders to be ready
info("*** Starting Ryu controller\n")
c0 = net.get("c0")
makeTerm(c0, cmd="ryu-manager adaptive_rlnc_sdn_controller.py ; read")
# s2 = net.get('s2')
# makeTerm(s2, cmd="watch -n 1 ovs-ofctl dump-flows s2")
# s4 = net.get('s4')
# makeTerm(s4, cmd="watch -n 1 ovs-ofctl dump-flows s4")
time.sleep(3)
info("*** Run Iperf\n")
run_iperf_test(hosts[0], hosts[-1], "udp", 30)
print_coders_log(coders, coder_log_conf)
remove_coders(mgr, coders)
info("*** Emulation stops...")
except Exception as e:
error("*** Emulation has errors:")
error(e)
finally:
info("*** Stopping network\n")
net.stop()
mgr.stop()
def setUpClass(cls):
dargs = {"dimage": "dev_test"}
dhost_test = functools.partial(DockerHost, **dargs)
cls.net = Containernet(
topo=TestTopo(HOST_NUM),
switch=OVSBridge,
host=dhost_test,
autoSetMacs=True,
autoStaticArp=True,
)
cls.net.start()
cls.mgr = VNFManager(cls.net)
def run_multihop_nc_test(host_num, profile, coder_log_conf):
config_ipv6(action="disable")
net = Containernet(controller=Controller, link=TCLink, autoStaticArp=True)
mgr = VNFManager(net)
hosts = create_topology(net, host_num)
# Number of relays in the middle.
relay_num = host_num - 2 - 2
rec_st_idx = 2
try:
info("*** Starting network\n")
net.start()
info("*** Adding OpenFlow rules\n")
add_ovs_flows(net, host_num)
info("*** Disable Checksum offloading\n")
disable_cksum_offload(host_num)
if profile == PROFILES["forward_vs_recode"]:
info("*** Run experiment to compare forwarding and recoding.\n")
for action in ["forward", "recode"]:
action_map = [action] * relay_num
info("Number of relays: %s, the action map: %s\n" %
(relay_num, ", ".join(action_map)))
coders = deploy_coders(mgr, hosts, rec_st_idx, relay_num,
action_map)
# Wait for coders to be ready
time.sleep(3)
run_iperf_test(hosts[0], hosts[-1], "udp", IPERF_TEST_DURATION)
print_coders_log(coders, coder_log_conf)
remove_coders(mgr, coders)
info("*** Emulation stops...\n")
except Exception as e:
error("*** Emulation has errors:\n")
error(e)
finally:
info("*** Stopping network\n")
net.stop()
mgr.stop()
config_ipv6(action="enable")
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
h1 = net.addDockerHost("h1",
dimage="sec_test",
ip="10.0.0.1",
docker_args={"cpuset_cpus": "0"})
h2 = net.addDockerHost("h2",
dimage="sec_test",
ip="10.0.0.2",
docker_args={"cpuset_cpus": "0"})
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, h1, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, h2, bw=10, delay="10ms")
info("*** Starting network\n")
net.start()
test_connection(h2)
info("*** Add drop all nftables rule\n")
h1.cmd("nft add table inet filter")
h1.cmd(
"nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }"
)
h1.cmd("nft add rule inet filter input ip saddr 10.0.0.2 counter drop")
test_connection(h2)
print(h1.cmd("nft list table inet filter"))
info("*** Stopping network")
net.stop()
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
h1 = net.addDockerHost(
"h1",
dimage="sec_test",
ip="10.0.0.1",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8)
},
)
h2 = net.addDockerHost(
"h2",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8)
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, h1, bw=10, delay="1ms", use_htb=True)
net.addLinkNamedIfce(s1, h2, bw=10, delay="1ms", use_htb=True)
info("*** Starting network\n")
net.start()
info("*** Create wg key pairs\n")
h1.cmd("umask 077; wg genkey > privatekey")
h1.cmd("wg pubkey < privatekey > publickey")
h1_pubkey = h1.cmd("cat ./publickey").replace("\n", " ").replace("\r", "")
h2.cmd("umask 077; wg genkey > privatekey")
h2.cmd("wg pubkey < privatekey > publickey")
h2_pubkey = h2.cmd("cat ./publickey").replace("\n", " ").replace("\r", "")
info("*** Create wg interfaces\n")
h1.cmd("ip link add dev wg0 type wireguard")
h1.cmd("ip address add dev wg0 192.168.0.1/24")
h2.cmd("ip link add dev wg0 type wireguard")
h2.cmd("ip address add dev wg0 192.168.0.2/24")
info("*** Setup peer configuration\n")
h1.cmd(
"wg set wg0 listen-port 1337 private-key ./privatekey peer {} allowed-ips 192.168.0.0/24 endpoint 10.0.0.2:1337"
.format(h2_pubkey))
h1.cmd("ip link set up dev wg0")
h2.cmd(
"wg set wg0 listen-port 1337 private-key ./privatekey peer {} allowed-ips 192.168.0.0/24 endpoint 10.0.0.1:1337"
.format(h1_pubkey))
h2.cmd("ip link set up dev wg0")
info("*** Test the connection\n")
print("* Ping test count: %d" % PING_COUNT)
ret = h1.cmd("ping -c %d 192.168.0.2" % PING_COUNT)
sent, received = tool.parsePing(ret)
measured = ((sent - received) / float(sent)) * 100.0
print("* Measured loss rate: {:.2f}%".format(measured))
info("*** Stopping network")
net.stop()
for h in hosts:
c = ", ".join(mgr.getContainersDhost(h))
tmp.append(f"DockerHost: {h}, APP containers on it: {c}")
print("*** Current deployed APP containers:")
print("\n".join(tmp))
if __name__ == "__main__":
# Only used for auto-testing.
AUTOTEST_MODE = os.environ.get("COMNETSEMU_AUTOTEST_MODE", 0)
setLogLevel("info")
net = Containernet(controller=Controller, link=TCLink, xterms=False)
mgr = VNFManager(net)
info("*** Add controller\n")
net.addController("c0")
info("*** Creating hosts\n")
h1 = net.addDockerHost("h1",
dimage="dev_test",
ip="10.0.0.1",
docker_args={"hostname": "h1"})
h2 = net.addDockerHost("h2",
dimage="dev_test",
ip="10.0.0.2",
docker_args={"hostname": "h2"})
def run_topo():
net = Containernet(
controller=Controller, link=TCLink, switch=OVSBridge, topo=TestTopo(2)
)
info("*** Adding controller\n")
net.addController("c0")
info("*** Starting network\n")
net.start()
net.pingAll()
h1 = net.get("h1")
h2 = net.get("h2")
net.iperf((h1, h2), l4Type="UDP", udpBw="10M")
info("*** Stopping network")
net.stop()
def start() -> None:
net = Containernet(build=False, link=TCLink, xterms=False)
mgr = VNFManager(net)
rx_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
rx_socket.bind(("127.0.0.1", 8016))
cnt: int = 0
active_container: bool = False
full_tree: bool = False
info("\n*** Adding Controller\n")
controller1: RemoteController = net.addController(
"controller1", controller=RemoteController, ip="127.0.0.1", port=6633)
controller1.start()
info("\n*** Adding Hosts\n")
client1: DockerHost = net.addDockerHost(
"client1",
dimage="mec_test",
ip="10.0.0.10",
mac="00:00:00:00:00:01",
docker_args={"volumes": {
"/tmp": {
"bind": "/tmp",
"mode": "rw"
}
}},
)
probe1: DockerHost = net.addDockerHost(
"probe1",
dimage="mec_test",
docker_args={},
ip="10.0.0.40",
mac="00:00:00:00:01:ff",
)
server1: DockerHost = net.addDockerHost(
"server1",
dimage="mec_test",
ip="10.0.0.21",
mac="00:00:00:00:01:01",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server2: DockerHost = net.addDockerHost(
"server2",
dimage="mec_test",
ip="10.0.0.22",
mac="00:00:00:00:01:02",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server3: DockerHost = net.addDockerHost(
"server3",
dimage="mec_test",
ip="10.0.0.23",
mac="00:00:00:00:01:03",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server4: DockerHost = net.addDockerHost(
"server4",
dimage="mec_test",
ip="10.0.0.24",
mac="00:00:00:00:01:04",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
if full_tree:
server5: DockerHost = net.addDockerHost(
"server5",
dimage="mec_test",
ip="10.0.0.25",
mac="00:00:00:00:01:05",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server6: DockerHost = net.addDockerHost(
"server6",
dimage="mec_test",
ip="10.0.0.26",
mac="00:00:00:00:01:06",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server7: DockerHost = net.addDockerHost(
"server7",
dimage="mec_test",
ip="10.0.0.27",
mac="00:00:00:00:01:07",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server8: DockerHost = net.addDockerHost(
"server8",
dimage="mec_test",
ip="10.0.0.28",
mac="00:00:00:00:01:08",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("\n*** Adding Switches\n")
switch1: OVSSwitch = net.addSwitch("switch1")
switch11: OVSSwitch = net.addSwitch("switch11")
switch12: OVSSwitch = net.addSwitch("switch12")
switch111: OVSSwitch = net.addSwitch("switch111")
switch112: OVSSwitch = net.addSwitch("switch112")
switch121: OVSSwitch = net.addSwitch("switch121")
switch122: OVSSwitch = net.addSwitch("switch122")
switch1.start([controller1])
switch1.cmdPrint("ovs-vsctl show")
switch11.start([controller1])
switch11.cmdPrint("ovs-vsctl show")
switch12.start([controller1])
switch12.cmdPrint("ovs-vsctl show")
switch111.start([controller1])
switch111.cmdPrint("ovs-vsctl show")
switch112.start([controller1])
switch112.cmdPrint("ovs-vsctl show")
switch121.start([controller1])
switch121.cmdPrint("ovs-vsctl show")
switch122.start([controller1])
switch122.cmdPrint("ovs-vsctl show")
info("\n*** Adding Links\n")
net.addLink(node1=switch1, node2=client1, delay="200ms", use_htb=True)
net.addLink(node1=switch1, node2=probe1, delay="50ms", use_htb=True)
net.addLink(node1=switch1, node2=switch11, delay="10ms", use_htb=True)
if full_tree:
net.addLink(node1=switch1, node2=switch12, delay="10ms", use_htb=True)
net.addLink(node1=switch11, node2=switch111, delay="10ms", use_htb=True)
net.addLink(node1=switch11, node2=switch112, delay="10ms", use_htb=True)
if full_tree:
net.addLink(node1=switch12,
node2=switch121,
delay="10ms",
use_htb=True)
net.addLink(node1=switch12,
node2=switch122,
delay="10ms",
use_htb=True)
net.addLink(node1=switch111, node2=server1, delay="100ms", use_htb=True)
net.addLink(node1=switch111, node2=server2, delay="150ms", use_htb=True)
net.addLink(node1=switch112, node2=server3, delay="200ms", use_htb=True)
net.addLink(node1=switch112, node2=server4, delay="250ms", use_htb=True)
if full_tree:
net.addLink(node1=switch121,
node2=server5,
delay="300ms",
use_htb=True)
net.addLink(node1=switch121,
node2=server6,
delay="350ms",
use_htb=True)
net.addLink(node1=switch122,
node2=server7,
delay="400ms",
use_htb=True)
net.addLink(node1=switch122,
node2=server8,
delay="450ms",
use_htb=True)
info("\n*** Starting Network\n")
net.build()
net.start()
net.pingAll() # optional
info("\n*** Adding Docker Containers\n")
client1_container: APPContainer = mgr.addContainer(
name="client1_container",
dhost="client1",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/client.py",
)
probe1_container: APPContainer = mgr.addContainer(
name="probe1_container",
dhost="probe1",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_agent.py",
)
probing_server1_container: APPContainer = mgr.addContainer(
name="probing_server1_container",
dhost="server1",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server2_container: APPContainer = mgr.addContainer(
name="probing_server2_container",
dhost="server2",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server3_container: APPContainer = mgr.addContainer(
name="probing_server3_container",
dhost="server3",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server4_container: APPContainer = mgr.addContainer(
name="probing_server4_container",
dhost="server4",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
if full_tree:
probing_server5_container: APPContainer = mgr.addContainer(
name="probing_server5_container",
dhost="server5",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server6_container: APPContainer = mgr.addContainer(
name="probing_server6_container",
dhost="server6",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server7_container: APPContainer = mgr.addContainer(
name="probing_server7_container",
dhost="server7",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server8_container: APPContainer = mgr.addContainer(
name="probing_server8_container",
dhost="server8",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
time.sleep(5)
print(
f"client 1 : \n{client1_container.dins.logs().decode('utf-8')}\n"
f"probe 1 : \n{probe1_container.dins.logs().decode('utf-8')}\n"
f"probing server 1 : \n{probing_server1_container.dins.logs().decode('utf-8')}\n"
f"probing server 2 : \n{probing_server2_container.dins.logs().decode('utf-8')}\n"
f"probing server 3 : \n{probing_server3_container.dins.logs().decode('utf-8')}\n"
f"probing server 4 : \n{probing_server4_container.dins.logs().decode('utf-8')}\n"
)
if full_tree:
print(
f"probing server 5 : \n{probing_server5_container.dins.logs().decode('utf-8')}\n"
f"probing server 6 : \n{probing_server6_container.dins.logs().decode('utf-8')}\n"
f"probing server 7 : \n{probing_server7_container.dins.logs().decode('utf-8')}\n"
f"probing server 8 : \n{probing_server8_container.dins.logs().decode('utf-8')}\n"
)
# time.sleep(2)
# CLI(net)
time.sleep(30)
server_container: APPContainer = None
info("\n*** Await REST instruction from Controller\n"
) # REST -> REpresentational State Transfer
while True:
data, addr = rx_socket.recvfrom(1024)
_: str = data.decode()
print(f"{_} {_[_.__len__()-1]}")
if active_container: # if container set, remove it
mgr.removeContainer(server_container.name)
time.sleep(2) # prevent hang on waitContainerStart()
print("removing container")
server_container: APPContainer = mgr.addContainer(
name="server_container",
# update dhost appropriate to target host
dhost=f"server{_[_.__len__()-1]}",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/server.py",
)
print(
f"New container : \n{server_container.dins.logs().decode('utf-8')} on server{_[_.__len__()-1]}"
)
cnt += 1
active_container = True
time.sleep(10) # dont allow container change too frequent
if cnt > 10:
break
info("\n*** Removing Docker Containers\n")
mgr.removeContainer(client1_container.name)
mgr.removeContainer(probe1_container.name)
mgr.removeContainer(probing_server1_container.name)
mgr.removeContainer(probing_server2_container.name)
mgr.removeContainer(probing_server3_container.name)
mgr.removeContainer(probing_server4_container.name)
if full_tree:
mgr.removeContainer(probing_server5_container.name)
mgr.removeContainer(probing_server6_container.name)
mgr.removeContainer(probing_server7_container.name)
mgr.removeContainer(probing_server8_container.name)
info("\n*** Stopping Network\n")
net.stop()
mgr.stop()
def testTopo():
# xterms=True, spawn xterms for all nodes after net.start()
net = Containernet(controller=Controller, link=TCLink, xterms=True)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
h1 = net.addDockerHost(
"h1",
dimage="dev_test",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8),
"hostname": "h1"
},
)
h2 = net.addDockerHost(
"h2",
dimage="dev_test",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8),
"hostname": "h2"
},
)
h3 = net.addHost("h3", ip="10.0.0.3/24")
h4 = net.addHost("h4", ip="10.0.0.4/24")
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, h1, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, h2, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, h3, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, h4, bw=10, delay="100ms")
info("*** Starting network\n")
net.start()
info("*** Enter CLI\n")
info("Use help command to get CLI usages\n")
CLI(net)
info("*** Stopping network")
net.stop()
def testTopo():
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
router = net.addDockerHost(
"router",
dimage="sec_test",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
internal1 = net.addDockerHost(
"internal1",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
internal2 = net.addDockerHost(
"internal2",
dimage="sec_test",
ip="192.168.0.2",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
internet = net.addDockerHost(
"internet",
dimage="sec_test",
ip="100.64.0.2",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
s2 = net.addSwitch("s2")
s3 = net.addSwitch("s3")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s2, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s3, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s1, internal1, bw=100, delay="10ms")
net.addLinkNamedIfce(s2, internal2, bw=100, delay="10ms")
net.addLinkNamedIfce(s3, internet, bw=100, delay="10ms")
try:
info("*** Starting network\n")
net.start()
# Setup the router
router.cmd("ip a a 10.0.0.1/24 dev router-s1")
router.cmd("ip a a 192.168.0.1/24 dev router-s2")
router.cmd("ip a a 100.64.0.1/24 dev router-s3")
# Configure the router as default gateway
internal1.cmd("ip r c default via 10.0.0.1")
internal2.cmd("ip r c default via 192.168.0.1")
internet.cmd("ip r c default via 100.64.0.1")
# Start some services
internal2.cmd("service ssh start")
internal2.cmd("nc -l -p 1337 &")
router.cmd("service ssh start")
# Create whitelist
info("*** Create firewall whitelist\n")
router.cmd("nft add table inet filter")
router.cmd(
"nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }"
)
router.cmd(
"nft add rule inet filter forward ct state established,related ip daddr 192.168.0.0/24 accept"
)
router.cmd(
"nft add rule inet filter forward ip saddr 10.0.0.0/24 accept")
router.cmd(
"nft add rule inet filter forward ip saddr 192.168.0.0/24 accept")
info(
"*** Rewrite the present filter ruleset and create one chain for each of the 3 networks.\n"
)
info(
"*** You can use the network interfaces to distinguish the traffic from the networks.\n"
)
info(
"*** Additionally filter traffic to the ports 22 and 1337 on the router and the internal networks.\n"
)
while not check_connectivity_between_hosts(router, internal1,
internal2, internet):
sleep(5)
except KeyboardInterrupt:
info("** KeyboardInterrupt detected, exit the program.\n")
finally:
info("*** Stopping network")
net.stop()
def testTopo():
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="sec_test",
ip="10.0.0.1/24",
docker_args={"cpuset_cpus": "1", "cpu_quota": 25000},
)
server = net.addDockerHost(
"server",
dimage="nginx",
ip="10.0.0.2/24",
docker_args={"cpuset_cpus": "1", "cpu_quota": 25000},
)
attacker = net.addDockerHost(
"attacker",
dimage="sec_test",
ip="10.0.0.3/24",
docker_args={"cpuset_cpus": "0", "cpu_quota": 25000},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, server, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, attacker, bw=10, delay="10ms")
try:
info("*** Starting network\n")
net.start()
info("** client -> server\n")
info("** " + str(test_connection(client, "10.0.0.2")) + "\n")
info("** attacker -> server\n")
info("** " + str(test_connection(attacker, "10.0.0.2")) + "\n")
info(
"*** The client and the attacker can both communicate with the server \n\n"
)
# Create blacklist
info(
"*** Create a blacklist that stops the attacker from accessing the server.\n"
)
info(
"*** First create a nftables table for IPv4 and IPv6 and then add a base chain connected to the input hook.\n"
)
info(
"*** Finally add a rule to the base chain that drops packets coming from the attacker (10.0.0.3).\n"
)
info("*** When the attacker is blocked the exercise continues.\n")
# Check if client can connect and attacker can not.
while not test_connection(client, "10.0.0.2") or test_connection(
attacker, "10.0.0.2"
):
sleep(5)
info("** client -> server\n")
info("** " + str(test_connection(client, "10.0.0.2")) + "\n")
test_connection(client, "10.0.0.2")
info("** attacker -> server\n")
info("** " + str(test_connection(attacker, "10.0.0.2")) + "\n")
info("\n")
info(
"*** The attacker is blocked and the client can still access the server.\n"
)
info("*** The attacker changed her IP address to a different one!\n")
info(
"*** Implement a whitelist that only allows the client to connect to the server.\n"
)
attacker_ip = "10.0.0." + str(random.randint(3, 250))
attacker.cmd("ip a f dev attacker-s1")
attacker.cmd("ip a a " + attacker_ip + "/24 dev attacker-s1")
info("** attacker -> server\n")
info("** " + str(test_connection(attacker, "10.0.0.2")) + "\n")
# Check if client can connect and attacker can not.
while not test_connection(client, "10.0.0.2") or test_connection(
attacker, "10.0.0.2"
):
sleep(5)
info("\n")
# The server can talk back to server
info("** client -> server\n")
info("** " + str(test_connection(client, "10.0.0.2")) + "\n")
test_connection(client, "10.0.0.2")
info("** attacker -> server\n")
info("** " + str(test_connection(attacker, "10.0.0.2")) + "\n")
except KeyboardInterrupt:
info("** KeyboardInterrupt detected, exit the program.\n")
finally:
info("*** Stopping network")
net.stop()
def test_ovx():
try:
ip = "127.0.0.1"
port = 6633
info("*** Add remote controller\n")
c = RemoteController("c", ip=ip, port=port)
net = Containernet(
autoStaticArp=True, autoSetMacs=True, controller=None, link=TCLink
)
net.addController(c)
info("*** Add switches, hosts and links \n")
# Add core switches
cores = {}
for switch in CORES:
cores[switch] = net.addSwitch(switch, dpid=(CORES[switch]["dpid"] % "0"))
# Add hosts and connect them to their core switch
for switch in CORES:
for count in range(1, FANOUT + 1):
# Add hosts
host = "h_%s_%s" % (switch, count)
ip = "10.0.0.%s" % count
mac = CORES[switch]["dpid"][4:] % count
h = net.addDockerHost(host, dimage="dev_test", ip=ip, mac=mac)
# Connect hosts to core switches
net.addLink(cores[switch], h)
# Connect core switches
net.addLink(cores["SFO"], cores["SEA"])
net.addLink(cores["SEA"], cores["SLC"])
net.addLink(cores["SFO"], cores["LAX"])
net.addLink(cores["LAX"], cores["SLC"])
net.addLink(cores["LAX"], cores["IAH"])
net.addLink(cores["SLC"], cores["MCI"])
net.addLink(cores["MCI"], cores["IAH"])
net.addLink(cores["MCI"], cores["ORD"])
net.addLink(cores["IAH"], cores["ATL"])
net.addLink(cores["ORD"], cores["ATL"])
net.addLink(cores["ORD"], cores["CLE"])
net.addLink(cores["ATL"], cores["IAD"])
net.addLink(cores["CLE"], cores["IAD"])
net.addLink(cores["CLE"], cores["EWR"])
net.addLink(cores["EWR"], cores["IAD"])
info("*** Start network... \n")
net.start()
print(
"Hosts configured with IPs, switches pointing to OpenVirteX at %s:%s"
% (ip, port)
)
info("[OVX] Create a virtual network between SEA and LAX\n")
wd = os.getcwd()
os.chdir(OVXCTL_DIR)
commands = [
# Create virtual networks
"python2 ovxctl.py createNetwork tcp:{}:{} 10.0.0.0 16".format(
SDN_CONTROLLER_IP, SDN_CONTROLLER_PORT
),
# Create virtual switches
"python2 ovxctl.py -n createSwitch 1 00:00:00:00:00:00:01:00",
"python2 ovxctl.py -n createSwitch 1 00:00:00:00:00:00:02:00",
"python2 ovxctl.py -n createSwitch 1 00:00:00:00:00:00:03:00",
# Create virtual ports
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:01:00 1",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:01:00 5",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:02:00 5",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:02:00 6",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:03:00 5",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:03:00 2",
# Create virtual links
"python2 ovxctl.py -n connectLink 1 00:a4:23:05:00:00:00:01 2 00:a4:23:05:00:00:00:02 1 spf 1",
"python2 ovxctl.py -n connectLink 1 00:a4:23:05:00:00:00:02 2 00:a4:23:05:00:00:00:03 1 spf 1",
# Connect hosts
"python2 ovxctl.py -n connectHost 1 00:a4:23:05:00:00:00:01 1 00:00:00:00:01:01",
"python2 ovxctl.py -n connectHost 1 00:a4:23:05:00:00:00:03 2 00:00:00:00:03:02",
# Start virtual network
"python2 ovxctl.py -n startNetwork 1",
]
for cmd in commands:
ret = check_output(sh_split(cmd), encoding="utf-8")
print(ret)
os.chdir(wd)
CLI(net)
except Exception as e:
error(e)
finally:
net.stop()
from comnetsemu.cli import CLI
from comnetsemu.net import Containernet
from mininet.log import setLogLevel
CURRENT_DIR = os.path.abspath(os.path.curdir)
DIMAGE = "coin_dl:0.1.0"
if __name__ == "__main__":
if os.geteuid() != 0:
print("Run this script with sudo.", file=sys.stderr)
sys.exit(1)
setLogLevel("error")
try:
net = Containernet(xterms=False, )
dev = net.addDockerHost(
"dev",
dimage=f"{DIMAGE}",
ip="10.0.1.11/16",
docker_args={
"hostname": "dev",
"volumes": {
"/dev": {
"bind": "/dev",
"mode": "rw"
},
CURRENT_DIR: {
"bind": "/coin_dl/share",
"mode": "rw"
def myTopology():
net = Containernet(
switch=OVSKernelSwitch,
build=False,
autoSetMacs=True,
autoStaticArp=True,
link=TCLink,
)
mgr = VNFManager(net)
setLogLevel("info")
info("*** Add Switches\n")
sconfig1 = {"dpid": "%016x" % 1}
sconfig2 = {"dpid": "%016x" % 2}
sconfig3 = {"dpid": "%016x" % 3}
sconfig4 = {"dpid": "%016x" % 4}
net.addSwitch("s1", **sconfig1)
net.addSwitch("s2", **sconfig2)
net.addSwitch("s3", **sconfig3)
net.addSwitch("s4", **sconfig4)
info("*** Add Hosts\n")
host_config = dict(inNamespace=True)
#net.addHost("h1", **host_config, ip="192.0.0.1")
h1 = net.addDockerHost(
"h1",
dimage="dev_test",
ip="192.0.0.1",
docker_args={"hostname": "h1"},
)
h2 = net.addDockerHost(
"h2",
dimage="dev_test",
ip="192.0.0.2",
docker_args={"hostname": "h2"},
)
h3 = net.addDockerHost(
"h3",
dimage="dev_test",
ip="192.0.0.3",
docker_args={"hostname": "h3"},
)
h4 = net.addDockerHost(
"h4",
dimage="dev_test",
ip="192.0.0.4",
docker_args={"hostname": "h4"},
)
h5 = net.addDockerHost(
"h5",
dimage="dev_test",
ip="192.0.0.5",
docker_args={"hostname": "h5"},
)
h6 = net.addDockerHost(
"h6",
dimage="dev_test",
ip="192.0.0.6",
docker_args={"hostname": "h6"},
)
h7 = net.addDockerHost(
"h7",
dimage="dev_test",
ip="192.0.0.7",
docker_args={"hostname": "h7"},
)
info("*** Add Links\n")
net.addLink("h1", "s1", bw=B1)
net.addLink("h2", "s1", bw=B1)
net.addLink("h3", "s1", bw=B1)
net.addLink("h4", "s1", bw=B1)
net.addLink("s1", "s2", bw=B1)
net.addLink("s2", "s3", bw=B1, delay=DELAY)
net.addLink("s3", "s4", bw=B1, delay=DELAY)
net.addLink("s2", "s4", bw=B2)
net.addLink("s1", "s4", bw=B1)
net.addLink("s4", "h5", bw=B1)
net.addLink("s4", "h6", bw=B1)
net.addLink("s4", "h7", bw=B1)
info("*** Add controller\n")
controller = RemoteController("c1", ip="127.0.0.1", port=6633)
net.addController(controller)
net.build()
net.start()
srv1 = mgr.addContainer(
"srv1",
"h1",
"echo_server",
"python /home/server_ad.py",
docker_args={},
)
srv2 = mgr.addContainer(
"srv2",
"h2",
"echo_server",
"python /home/server.py",
docker_args={},
)
srv3 = mgr.addContainer(
"srv3",
"h3",
"echo_server",
"python /home/server.py",
docker_args={},
)
srv4 = mgr.addContainer(
"srv4",
"h4",
"dev_test",
"bash",
docker_args={},
)
srv5 = mgr.addContainer(
"srv5",
"h5",
"dev_test",
"bash",
docker_args={},
)
srv6 = mgr.addContainer(
"srv6",
"h6",
"dev_test",
"bash",
docker_args={},
)
srv7 = mgr.addContainer(
"srv7",
"h7",
"dev_test",
"bash",
docker_args={},
)
spawnXtermDocker("srv5")
spawnXtermDocker("srv1")
CLI(net)
mgr.removeContainer("srv1")
mgr.removeContainer("srv2")
mgr.removeContainer("srv3")
mgr.removeContainer("srv4")
mgr.removeContainer("srv5")
mgr.removeContainer("srv6")
mgr.removeContainer("srv7")
net.stop()
mgr.stop()
def testMuNF(nano_cpus):
net = Containernet(controller=Controller, link=TCLink)
mgr = VNFManager(net)
start_ts = time.time()
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding Docker hosts\n")
pktgen = net.addDockerHost(
"pktgen",
dimage=f"trex:{TREX_VER}",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "0",
"hostname": "pktgen",
"volumes": {
os.path.join(TREX_CONF_DIR, "trex_cfg.yaml"): {
"bind": "/etc/trex_cfg.yaml",
"mode": "rw",
},
TREX_CONF_DIR: {"bind": f"/trex/{TREX_VER}/local", "mode": "rw"},
},
},
)
dut = net.addDockerHost(
"dut",
dimage=f"ffpp:{FFPP_VER}",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "1,2",
"nano_cpus": int(nano_cpus),
"hostname": "dut",
"volumes": {
"/sys/bus/pci/drivers": {"bind": "/sys/bus/pci/drivers", "mode": "rw"},
"/sys/kernel/mm/hugepages": {
"bind": "/sys/kernel/mm/hugepages",
"mode": "rw",
},
"/sys/devices/system/node": {
"bind": "/sys/devices/system/node",
"mode": "rw",
},
"/dev": {"bind": "/dev", "mode": "rw"},
FFPP_DIR: {"bind": "/ffpp", "mode": "rw"},
},
},
)
s1 = net.addSwitch("s1")
# Control plane links.
net.addLinkNamedIfce(s1, pktgen)
net.addLinkNamedIfce(s1, dut)
# Data plane links.
net.addLink(
dut, pktgen, bw=1000, delay="1ms", intfName1="vnf-in", intfName2="pktgen-out"
)
net.addLink(
dut, pktgen, bw=1000, delay="1ms", intfName1="vnf-out", intfName2="pktgen-in"
)
pktgen.cmd("ip addr add 192.168.17.1/24 dev pktgen-out")
pktgen.cmd("ip addr add 192.168.18.1/24 dev pktgen-in")
dut.cmd("ip addr add 192.168.17.2/24 dev vnf-in")
dut.cmd("ip addr add 192.168.18.2/24 dev vnf-out")
# TODO: Deploy a chain of CNFs.
cnfs = list()
for n in range(1):
cnf = mgr.addContainer(
f"cnf{n}",
"dut",
f"ffpp:{FFPP_VER}",
"/bin/bash",
docker_args={
"volumes": {
"/sys/bus/pci/drivers": {
"bind": "/sys/bus/pci/drivers",
"mode": "rw",
},
"/sys/kernel/mm/hugepages": {
"bind": "/sys/kernel/mm/hugepages",
"mode": "rw",
},
"/sys/devices/system/node": {
"bind": "/sys/devices/system/node",
"mode": "rw",
},
"/dev": {"bind": "/dev", "mode": "rw"},
FFPP_DIR: {"bind": "/ffpp", "mode": "rw"},
}
},
)
cnfs.append(cnf)
net.start()
# Avoid looping
pktgen.cmd("ip addr flush dev pktgen-s1")
pktgen.cmd("ip link set pktgen-s1 down")
dut.cmd("ip addr flush dev dut-s1")
dut.cmd("ip link set dut-s1 down")
pktgen.cmd("ping -c 5 192.168.17.2")
pktgen.cmd("ping -c 5 192.168.18.2")
duration = time.time() - start_ts
print(f"Setup duration: {duration:.2f} seconds.")
CLI(net)
info("*** Stopping network\n")
net.stop()
mgr.stop()
def testTopo():
"""testTopo"""
net = Containernet(
controller=Controller,
link=TCLink,
autoSetMacs=True,
autoStaticArp=True,
xterms=True,
)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="yolov2",
ip="10.0.0.11/24",
docker_args={
"cpuset_cpus": "0",
"hostname": "client"
},
)
vnf = net.addDockerHost(
"vnf",
dimage="yolov2",
ip="10.0.0.12/24",
docker_args={
"cpuset_cpus": "0",
"hostname": "vnf"
},
)
# Run server on another vCPU since it is more compute-intensive than client
# and vnf.
server = net.addDockerHost(
"server",
dimage="yolov2",
ip="10.0.0.21/24",
docker_args={
"cpuset_cpus": "1",
"hostname": "server"
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=10, delay="150ms", use_htb=True)
net.addLinkNamedIfce(s1, vnf, bw=10, delay="150ms", use_htb=True)
net.addLinkNamedIfce(s1, server, bw=10, delay="150ms", use_htb=True)
info("*** Starting network\n")
net.start()
net.pingAll()
add_ovs_flows()
ifces = ["s1-vnf"]
disable_cksum_offload(ifces)
info("*** Enter CLI\n")
CLI(net)
info("*** Stopping network")
net.stop()
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
router = net.addDockerHost(
"router",
dimage="sec_test",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
internal1 = net.addDockerHost(
"internal1",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
internal2 = net.addDockerHost(
"internal2",
dimage="sec_test",
ip="192.168.0.2",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
internet = net.addDockerHost(
"internet",
dimage="sec_test",
ip="100.64.0.2",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
s2 = net.addSwitch("s2")
s3 = net.addSwitch("s3")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s2, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s3, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s1, internal1, bw=100, delay="10ms")
net.addLinkNamedIfce(s2, internal2, bw=100, delay="10ms")
net.addLinkNamedIfce(s3, internet, bw=100, delay="10ms")
info("*** Starting network\n")
net.start()
# Setup the router
router.cmd("ip a a 10.0.0.1/24 dev router-s1")
router.cmd("ip a a 192.168.0.1/24 dev router-s2")
router.cmd("ip a a 100.64.0.1/24 dev router-s3")
# Configure the router as default gateway
internal1.cmd("ip r c default via 10.0.0.1")
internal2.cmd("ip r c default via 192.168.0.1")
internet.cmd("ip r c default via 100.64.0.1")
# Start some services
internal2.cmd("service ssh start")
internal2.cmd("nc -l -p 1337 &")
router.cmd("service ssh start")
check_connectivity_between_hosts(router, internal1, internal2, internet)
"""
info('*** Create firewall whitelist\n')
router.cmd("nft add table inet filter")
router.cmd("nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }")
router.cmd("nft add rule inet filter forward ct state established,related ip daddr 10.0.0.0/24 accept")
router.cmd("nft add rule inet filter forward ip saddr 10.0.0.0/24 accept")
router.cmd("nft add rule inet filter forward ip saddr 192.168.0.0/24 accept")
"""
router.cmd("nft add table inet filter")
router.cmd(
"nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }"
)
router.cmd(
"nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }"
)
router.cmd("nft add chain inet filter forward-s1")
router.cmd("nft add chain inet filter forward-s2")
router.cmd("nft add chain inet filter forward-s3")
router.cmd(
"nft add rule inet filter forward iif router-s1 counter jump forward-s1"
)
router.cmd(
"nft add rule inet filter forward iif router-s2 counter jump forward-s2"
)
router.cmd(
"nft add rule inet filter forward iif router-s3 counter jump forward-s3"
)
router.cmd(
"nft add rule inet filter forward-s1 tcp dport {ssh, 1337} drop")
router.cmd(
"nft add rule inet filter forward-s1 ip saddr 10.0.0.0/24 accept")
router.cmd(
"nft add rule inet filter forward-s2 ip saddr 192.168.0.0/24 accept")
router.cmd(
"nft add rule inet filter forward-s3 ct state established,related ip daddr 10.0.0.0/24 accept"
)
check_connectivity_between_hosts(router, internal1, internal2, internet)
info("*** Stopping network")
net.stop()
a1 = net.addDockerHost(
"a1",
dimage="applicazione",
ip="10.0.0.21",
docker_args={},
)
info("Add link\n")
net.addLink(switch, a1, bw=10, delay="10ms")
if __name__ == "__main__":
setLogLevel("info")
timeout = input("Insert time to live in min:")
net = Containernet(controller=Controller, link=TCLink)
info("Add controller c0\n")
net.addController("c0")
info("Add switch s1\n")
switch = net.addSwitch("s1")
broker()
valvole()
umidificatori()
split()
def testDockerInDocker(n):
net = Containernet(controller=Controller, link=TCLink)
mgr = VNFManager(net)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding Docker hosts and switches in a chain topology\n")
last_sw = None
hosts = list()
# Connect hosts
for i in range(n):
# Unlimited access to CPU(s) cycles in CPU_SETS
host = net.addDockerHost(
"h%s" % (i + 1),
dimage="dev_test",
ip="10.0.0.%s" % (i + 1),
docker_args={"cpuset_cpus": "0"},
)
hosts.append(host)
switch = net.addSwitch("s%s" % (i + 1))
net.addLink(switch, host, bw=10, delay="10ms")
if last_sw:
# Connect switches
net.addLink(switch, last_sw, bw=10, delay="10ms")
last_sw = switch
info("*** Starting network\n")
net.start()
info(
"*** Run a simple ping test between two internal containers deployed on h1 and h%s\n"
% n)
head = mgr.addContainer("head",
"h1",
"dev_test",
"/bin/bash",
docker_args={})
tail = mgr.addContainer("tail",
"h%s" % n,
"dev_test",
"ping -c 3 10.0.0.1",
docker_args={})
info("*** Tail start ping head, wait for 5s...")
time.sleep(5)
info("\nThe ping result of tail to head: \n")
print(tail.dins.logs().decode("utf-8"))
mgr.removeContainer(head.name)
mgr.removeContainer(tail.name)
time.sleep(3)
info("*** Run CPU resource limitation test.")
info("Update CPU limitation of all Docker hosts (h1-h%s) to %.2f %% \n" %
(n, 50.0 / n))
info("Update Memory limitation of all Docker hosts (h1-h%s) to 10MB\n" % n)
info(
"Deploy the stress app (100 % CPU and 300M memory) inside all Docker hosts to test the CPU/Memory limitation\n"
)
containers = list()
# Mark: CPU percent = cpu_quota / cpu_period. The default CPU period is
# 100ms = 100000 us
for i, h in enumerate(hosts):
h.dins.update(cpu_quota=int(50000 / n))
h.dins.update(mem_limit=10 * (1024**2)) # in bytes
c = mgr.addContainer(
"stress_app_%s" % (i + 1),
h.name,
"dev_test",
"stress-ng -c 1 -m 1 --vm-bytes 300M",
docker_args={},
)
containers.append(c)
info("Start monitoring resource usage of internal containers"
"with default sample count: 3 and sample period: 1 sec\n")
for c in containers:
usages = mgr.monResourceStats(c.name)
if usages:
print(
" The average CPU and Memory usage of container:{} is {:.2f}%, {:.2f}MB"
.format(
c.name,
(sum(u[0] for u in usages) / len(usages)),
(sum(u[1] for u in usages) / len(usages)),
))
else:
print("[ERROR] Failed to get resource usages from manager")
for c in containers:
mgr.removeContainer(c.name)
info("*** Stopping network\n")
net.stop()
mgr.stop()
# Only used for auto-testing.
AUTOTEST_MODE = os.environ.get("COMNETSEMU_AUTOTEST_MODE", 0)
# Create template host, switch, and link
hconfig = {"inNamespace": True}
http_link_config = {"bw": 1}
video_link_config = {"bw": 10}
host_link_config = {}
setLogLevel("info")
net = Containernet(
controller=Controller,
link=TCLink,
xterms=False,
autoSetMacs=True,
autoStaticArp=True,
)
mgr = VNFManager(net)
info("*** Add controller\n")
controller = RemoteController("c1", ip="127.0.0.1", port=6633)
net.addController(controller)
info("*** Creating hosts\n")
h1 = net.addDockerHost(
"h1",
dimage="dev_test",
ip="10.0.0.1",
docker_args={"hostname": "h1"},
# -*- coding: utf-8 -*-
import os
from comnetsemu.cli import CLI, spawnXtermDocker
from comnetsemu.net import Containernet, VNFManager
from mininet.link import TCLink
from mininet.log import info, setLogLevel
from mininet.node import RemoteController, Controller
if __name__ == "__main__":
print("*** Creating the net")
net = Containernet(controller=Controller,
link=TCLink,
xterms=False,
autoSetMacs=False)
mgr = VNFManager(net)
print("*** Creating hosts")
# In our topology we have 6 drones (h1->h6),
# 1 MQTT broker (h7), 1 web server (h8) and 1 web client (h9)
h1 = net.addDockerHost("D1",
dimage="dev_test",
ip="10.0.0.1",
mac="00:00:00:00:00:01",
docker_args={"hostname": "drone1"})
h2 = net.addDockerHost("D2",
dimage="dev_test",
def testTopo():
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="sec_test",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server = net.addDockerHost(
"server",
dimage="nginx",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=100, delay="10ms")
net.addLinkNamedIfce(s1, server, bw=100, delay="10ms")
info("*** Starting network\n")
try:
net.start()
info("** client -> server\n")
info("** " + str(test_connection(client, "10.0.0.2")) + "\n")
info("\n")
# Create whitelist
info("*** Create whitelist\n")
server.cmd("nft add table inet filter")
server.cmd(
"nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }"
)
server.cmd("nft add rule inet filter input ip saddr 10.0.0.1 accept")
# The server can talk back to client
info("** server -> client\n")
info("** " + str(test_connection(server, "10.0.0.1")) + "\n")
# But he cannot talk to some other server on the internet, this is a problem
info("** server -> internet\n")
info("** " + str(test_connection(server, "8.8.8.8")) + "\n")
info("\n")
info(
"*** The server can only communicate with the client because of the implemented whitelist filtering.\n"
)
info(
"*** When the server wants to talk to the internet the internet cannot talk back because the incoming "
"traffic is dropped.\n")
info(
"*** Use the connection tracking state to allow established connections to answer the server.\n"
)
info("*** Do this without removing the whitelist.\n")
while not test_connection(server, "8.8.8.8") or not test_connection(
client, "10.0.0.2"):
sleep(5)
info("** server -> internet\n")
info("** " + str(test_connection(server, "8.8.8.8")) + "\n")
info(
"*** Now we want to make sure that the client cannot overload the server with traffic.\n"
)
info("*** Drop all traffic of the client that exceeds 10 Mbit/s.\n")
# client is overdoing it a little and our server cannot handle all of its requests...
server.cmd("iperf -s &")
while try_to_flood_the_server(client):
sleep(5)
info("\n")
except KeyboardInterrupt:
info("** KeyboardInterrupt detected, exit the program.\n")
finally:
info("*** Stopping network")
net.stop()
def run_net():
# To be tested parameters at runtime
loss_rates = [30]
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
h1 = net.addHost(
"h1",
cls=DockerHost,
dimage="dev_test",
ip="10.0.0.1/24",
docker_args={"cpuset_cpus": "0", "nano_cpus": int(1e8)},
)
h2 = net.addHost(
"h2",
cls=DockerHost,
dimage="dev_test",
ip="10.0.0.2/24",
docker_args={"cpuset_cpus": "0", "nano_cpus": int(1e8)},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLink(h1, s1, bw=10, delay="100ms", intfName1="h1-s1", intfName2="s1-h1")
net.addLink(h2, s1, bw=10, delay="100ms", intfName1="h2-s1", intfName2="s1-h2")
info("*** Starting network\n")
net.start()
info("**** Testing bandwidth between h1 and h2\n")
net.iperf((h1, h2), l4Type="UDP", udpBw="10M")
info("*** Configure the link loss rate of h1 at runtime\n")
for loss in loss_rates:
print("* The loss rate of h1 is {:.2f}%, unidirectional".format(loss))
print("* Ping test count: %d" % PING_COUNT)
host = net.get("h1")
# INFO: The parent number is defined in mininet/link.py
ret = host.cmd(
"tc qdisc change dev {} {} handle 10: netem loss {}%".format(
"h1-s1", " parent 5:1", loss
)
)
if ret != "":
print("Failed to change loss. Error:%s\n", ret)
ret = h1.cmd("ping -c %d 10.0.0.2" % PING_COUNT)
sent, received = tool.parsePing(ret)
measured = ((sent - received) / float(sent)) * 100.0
print(
"Expected loss rate: {:.2f}%, measured loss rate: {:.2f}%".format(
loss, measured
)
)
info("*** Stopping network")
net.stop()
#! /usr/bin/env python3
# -*- coding: utf-8 -*-
import os
from comnetsemu.cli import CLI, spawnXtermDocker
from comnetsemu.net import Containernet, VNFManager
from mininet.link import TCLink
from mininet.log import info, setLogLevel
from mininet.node import Controller
if __name__ == "__main__":
setLogLevel("info")
net = Containernet(controller=Controller, link=TCLink, xterms=False)
mgr = VNFManager(net)
info("*** Add controller\n")
net.addController("c0")
info("*** Creating hosts\n")
h1 = net.addDockerHost("mqttServer",
dimage="dev_test",
ip="10.0.0.1",
docker_args={"hostname": "mqttServer"})
h2 = net.addDockerHost(
"webServer",
dimage="dev_test",
ip="10.0.0.2",
docker_args={"hostname": "webServer"},
:param ifce (str): Name of the interface.
"""
return (check_output(
shlex.split("ovs-vsctl get Interface {} ofport".format(ifce))).decode(
"utf-8").strip())
if __name__ == "__main__":
# Only used for auto-testing.
AUTOTEST_MODE = os.environ.get("COMNETSEMU_AUTOTEST_MODE", 0)
setLogLevel("info")
net = Containernet(controller=Controller, link=TCLink, xterms=False)
mgr = VNFManager(net)
info("*** Add the default controller\n")
net.addController("c0")
info("*** Creating the client and hosts\n")
h1 = net.addDockerHost("h1",
dimage="dev_test",
ip="10.0.0.11/24",
docker_args={"hostname": "h1"})
h2 = net.addDockerHost(
"h2",
dimage="dev_test",
ip="10.0.0.12/24",
def testTopo():
# xterms=True, spawn xterms for all nodes after net.start()
net = Containernet(controller=Controller, link=TCLink, xterms=True)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
compressor = net.addDockerHost(
"compressor",
dimage="o2sc",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "compressor"
},
)
decompressor = net.addDockerHost(
"decompressor",
dimage="o2sc",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "decompressor",
},
)
source_1 = net.addDockerHost(
"source_1",
dimage="o2sc",
ip="10.0.0.11/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "source_1"
},
)
source_2 = net.addDockerHost(
"source_2",
dimage="o2sc",
ip="10.0.0.12/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "source_2"
},
)
source_3 = net.addDockerHost(
"source_3",
dimage="o2sc",
ip="10.0.0.13/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "source_3"
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, compressor, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, decompressor, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, source_1, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, source_2, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, source_3, bw=10, delay="100ms")
info("*** Starting network\n")
net.start()
net.pingAll()
info("*** Enter CLI\n")
info("Use help command to get CLI usages\n")
CLI(net)
info("*** Stopping network")
net.stop()
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="sec_test",
ip="10.0.0.1",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
server = net.addDockerHost(
"server",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
attacker = net.addDockerHost(
"attacker",
dimage="sec_test",
ip="10.0.0.3",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, server, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, attacker, bw=10, delay="10ms")
info("*** Starting network\n")
net.start()
info("*** Attacker, Client and Server setup\n")
client.cmd("ping -c 10 10.0.0.2")
attacker.cmd(
"printf -- '#!/bin/bash\narpspoof -i attacker-s1 -t 10.0.0.1 10.0.0.2 >> /dev/null &\narpspoof -i attacker-s1 -t 10.0.0.2 10.0.0.1 >> /dev/null &' > spoof.sh; chmod +x spoof.sh; ./spoof.sh"
)
sleep(10)
attacker.cmd("tcpdump -vvv -i attacker-s1 -B 100000 ip >> messages.log &")
sleep(10)
server.cmd("mkdir -p /var/run/vsftpd/empty")
server.cmd("vsftpd &")
info("*** Create wg key pairs\n")
client.cmd("umask 077; wg genkey > privatekey")
client.cmd("wg pubkey < privatekey > publickey")
client_pubkey = client.cmd("cat ./publickey").replace("\n", " ").replace(
"\r", "")
server.cmd("umask 077; wg genkey > privatekey")
server.cmd("wg pubkey < privatekey > publickey")
server_pubkey = server.cmd("cat ./publickey").replace("\n", " ").replace(
"\r", "")
info("*** Create wg interfaces\n")
client.cmd("ip link add dev wg0 type wireguard")
client.cmd("ip address add dev wg0 192.168.0.1/24")
server.cmd("ip link add dev wg0 type wireguard")
server.cmd("ip address add dev wg0 192.168.0.2/24")
info("*** Setup peer configuration\n")
client.cmd(
"wg set wg0 listen-port 1337 private-key ./privatekey peer {} allowed-ips 192.168.0.0/24 endpoint 10.0.0.2:1337"
.format(server_pubkey))
client.cmd("ip link set up dev wg0")
server.cmd(
"wg set wg0 listen-port 1337 private-key ./privatekey peer {} allowed-ips 192.168.0.0/24 endpoint 10.0.0.1:1337"
.format(client_pubkey))
server.cmd("ip link set up dev wg0")
test_connection(client, "192.168.0.2")
login_at_ftp_server(client, "192.168.0.2")
info("*** Extract Passwords\n")
sleep(20)
output = attacker.cmd("cat messages.log")
password_found = False
for line in output.split("\n"):
if "PASS" in line:
password_found = True
info("*** Found password: "******"\n")
if not password_found:
info("*** No password found!\n")
info("*** Stopping network\n")
net.stop()
def myTopology():
net = Containernet(
switch=OVSKernelSwitch,
build=False,
autoSetMacs=True,
autoStaticArp=True,
link=TCLink,
)
mgr = VNFManager(net)
setLogLevel("info")
info("*** Add Switches\n")
sconfig1 = {"dpid": "%016x" % 1}
sconfig2 = {"dpid": "%016x" % 2}
sconfig3 = {"dpid": "%016x" % 3}
sconfig4 = {"dpid": "%016x" % 4}
sconfig5 = {"dpid": "%016x" % 5}
net.addSwitch("s1", **sconfig1)
net.addSwitch("s2", **sconfig2)
net.addSwitch("s3", **sconfig3)
net.addSwitch("s4", **sconfig4)
net.addSwitch("s5", **sconfig5)
info("*** Add Hosts\n")
host_config = dict(inNamespace=True)
#net.addHost("h1", **host_config, ip="192.0.0.1")
h1 = net.addDockerHost(
"h1",
dimage="dev_test",
ip="192.0.0.1",
docker_args={"hostname": "h1"},
)
h2 = net.addDockerHost(
"h2",
dimage="dev_test",
ip="192.0.0.2",
docker_args={"hostname": "h2"},
)
h3 = net.addDockerHost(
"h3",
dimage="dev_test",
ip="192.0.0.3",
docker_args={"hostname": "h3"},
)
h4 = net.addDockerHost(
"h4",
dimage="dev_test",
ip="192.0.0.4",
docker_args={"hostname": "h4"},
)
h5 = net.addDockerHost(
"h5",
dimage="dev_test",
ip="192.0.0.5",
docker_args={"hostname": "h5"},
)
h6 = net.addDockerHost(
"h6",
dimage="dev_test",
ip="192.0.0.6",
docker_args={"hostname": "h6"},
)
h7 = net.addDockerHost(
"h7",
dimage="dev_test",
ip="192.0.0.7",
docker_args={"hostname": "h7"},
)
h8 = net.addDockerHost(
"h8",
dimage="dev_test",
ip="192.0.0.8",
docker_args={"hostname": "h8"},
)
info("*** Add Links\n")
net.addLink("h1", "s1", bw=B1)
net.addLink("h2", "s1", bw=B1)
net.addLink("h3", "s1", bw=B1)
net.addLink("h4", "s5", bw=B2)
net.addLink("h5", "s5", bw=B2)
net.addLink("s1", "s2", bw=B1)
net.addLink("s2", "s3", bw=B1, delay=DELAY)
net.addLink("s3", "s4", bw=B1, delay=DELAY)
net.addLink("s2", "s4", bw=B2)
net.addLink("s1", "s4", bw=B1)
net.addLink("s1", "s5", bw=B1)
net.addLink("s4", "h6", bw=B1)
net.addLink("s4", "h7", bw=B1)
net.addLink("s4", "h8", bw=B1)
info("*** Add controller\n")
controller = RemoteController("c0", ip="127.0.0.1", port=6633)
net.addController(controller)
net.build()
#controller.start()
#s1.start( [controller] )
#s2.start( [controller] )
#s1.cmd("ovs-vsctl set port s1-eth4 qos=@newqos -- --id=@newqos create QoS type=linux-htb other-config:max-rate=1000000 queues:123=@1q queues:234=@2q -- --id=@1q create queue other-config:min-rate=100000 other-config:max-rate=700000 -- --id=@2q create queue other-config:min-rate=100000 other-config:max-rate=700000")
#s1.cmd("ovs-ofctl add-flow s1 nw_src=192.0.0.2,nw_dst=192.0.0.7,actions=enqueue:4:123")
net.start()
srv1 = mgr.addContainer(
"srv1",
"h1",
"servernew",
"python /home/servernew.py",
docker_args={},
) #autonomus
srv2 = mgr.addContainer(
"srv2",
"h2",
"dev_test",
"bash",
docker_args={},
) #udp
srv3 = mgr.addContainer(
"srv3",
"h3",
"eclipse-mosquitto",
"bash",
docker_args={},
) #brocker
srv4 = mgr.addContainer(
"srv4",
"h4",
"aksakalli/mqtt-client",
"bash /home/clientnew.sh",
docker_args={},
)
srv5 = mgr.addContainer(
"srv5",
"h5",
"aksakalli/mqtt-client",
"bash",
docker_args={},
)
srv6 = mgr.addContainer(
"srv6",
"h6",
"dev_test",
"bash",
docker_args={},
)
srv7 = mgr.addContainer(
"srv7",
"h7",
"dev_test",
"bash",
docker_args={},
)
srv8 = mgr.addContainer(
"srv8",
"h8",
"dev_test",
"bash",
docker_args={},
)
spawnXtermDocker("srv2")
spawnXtermDocker("srv7")
CLI(net)
mgr.removeContainer("srv1")
mgr.removeContainer("srv2")
mgr.removeContainer("srv3")
mgr.removeContainer("srv4")
mgr.removeContainer("srv5")
mgr.removeContainer("srv6")
mgr.removeContainer("srv7")
mgr.removeContainer("srv8")
net.stop()
mgr.stop()
import time
from comnetsemu.cli import CLI
from comnetsemu.net import Containernet, VNFManager
from mininet.link import TCLink
from mininet.log import info, setLogLevel
from mininet.node import Controller
if __name__ == "__main__":
# Only used for auto-testing.
AUTOTEST_MODE = os.environ.get("COMNETSEMU_AUTOTEST_MODE", 0)
setLogLevel("info")
net = Containernet(controller=Controller, link=TCLink, xterms=False)
mgr = VNFManager(net)
info("*** Add controller\n")
net.addController("c0")
cwd = os.getcwd()
info("*** Creating hosts\n")
h1 = net.addDockerHost(
"h1",
dimage="network_measurement",
ip="10.0.0.1",
docker_args={"hostname": "h1"},
)
h2 = net.addDockerHost(
"h2",
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
center = net.addDockerHost(
"center",
dimage="sec_test",
ip="10.0.0.1",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
client1 = net.addDockerHost(
"h2",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
client2 = net.addDockerHost(
"h3",
dimage="sec_test",
ip="10.0.0.3",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
client3 = net.addDockerHost(
"h4",
dimage="sec_test",
ip="10.0.0.4",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, center, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, client1, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, client2, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, client3, bw=10, delay="10ms")
try:
info("*** Starting network\n")
net.start()
info("*** Create wg key pairs\n")
center_private_key, center_public_key = generate_key_pair_for_host(
center)
h2_private_key, h2_public_key = generate_key_pair_for_host(client1)
h3_private_key, h3_public_key = generate_key_pair_for_host(client2)
h4_private_key, h4_public_key = generate_key_pair_for_host(client3)
info("*** Create wg interfaces\n")
info(
"*** Create a star topology with center as the center. Instead of using wg tool write a configuration for the\n"
)
info(
"*** interface and place it in /etc/wireguard/wg0.conf, then use the wg-quick command to setup the interface.\n"
)
info(
"*** The wg and wg-quick manpages contain a reference for the syntax of the configuration file.\n"
)
info(
"*** Use the network 192.168.0.0/24 for the inner tunnel and asign 192.168.0.1 to the center.\n"
)
while (not test_connection(client1, "192.168.0.1")
or not test_connection(client2, "192.168.0.1")
or not test_connection(client3, "192.168.0.1")):
sleep(10)
except KeyboardInterrupt:
info("** KeyboardInterrupt detected, exit the program.\n")
finally:
info("*** Stopping network")
net.stop()
