def main():
not_allowed = none
with open(policy_file, 'rb') as f:
reader = csv.DictReader(f)
for row in reader:
not_allowed = not_allowed match(srcmac=MAC(row['mac_0']), dstmac=MAC(row['mac_1'])) match(srcmac=MAC(row['mac_1']), dstmac=MAC(row['mac_0']))
allowed = ~not_allowed
return allowed>>act_like_switch()
def main():
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
with open(policy_file, 'rb') as f:
reader = csv.DictReader(f)
for row in reader:
not_allowed = not_allowed | union([match(srcmac=MAC(row['mac_0']), dstmac=MAC(row['mac_1'])) | match(srcmac=MAC(row['mac_1']), dstmac=MAC(row['mac_0']))])
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# allowed = if_(not_allowed, drop, passthrough)
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
with open(policy_file, 'rb') as f:
reader = csv.DictReader(f)
for row in reader:
not_allowed = not_allowed + match(
srcmac=MAC(row['mac_0']), dstmac=MAC(row['mac_1'])) + match(
srcmac=MAC(row['mac_1']), dstmac=MAC(row['mac_0']))
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# allowed = if_(not_allowed, drop, passthrough)
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
# Copy the code you used to read firewall-policies.csv last week
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
with open(policyFile, "r") as csvfile:
dictReader = csv.DictReader(csvfile)
for connectionPair in dictReader:
forward = match(srcmac=MAC(connectionPair['mac_0']), dstmac=MAC(connectionPair['mac_1']))
reverse = match(srcmac=MAC(connectionPair['mac_1']), dstmac=MAC(connectionPair['mac_0']))
not_allowed = not_allowed + (forward + reverse)
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
from pyretic.lib.corelib import *
from pyretic.lib.std import *
from pyretic.modules.mac_learner import mac_learner as act_like_switch
import csv, os
policy_file = "%s/pyretic/pyretic/examples/firewall-policies.csv" % os.environ[ 'HOME' ]
def main():
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
for <each pair of MAC address in firewall-policies.csv>:
not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = <...>
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
