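def main():
    """Build the firewall policy from the CSV file at ``policy_file``.

    Each CSV row names two MAC addresses in the ``mac_0`` and ``mac_1``
    columns. Traffic between the two is added to the blocked set in both
    directions; everything that is not blocked is handed to
    ``act_like_switch()``.

    Returns:
        The composed policy ``~not_allowed >> act_like_switch()``.
    """
    # Start from a policy that matches no packets, then add each blocked pair.
    not_allowed = none

    # NOTE(review): binary mode is what the Python 2 csv module expects; under
    # Python 3 csv.DictReader needs a text-mode file -- confirm which
    # interpreter this controller runs on.
    with open(policy_file, 'rb') as f:
        reader = csv.DictReader(f)
        for row in reader:
            # The three terms need an explicit operator between them; without
            # one the statement does not parse. `+` is the combinator the
            # exercise template uses for accumulating blocked traffic.
            # NOTE(review): confirm that `~` below accepts a policy built
            # with `+` in the Pyretic version in use.
            not_allowed = (
                not_allowed
                + match(srcmac=MAC(row['mac_0']), dstmac=MAC(row['mac_1']))
                + match(srcmac=MAC(row['mac_1']), dstmac=MAC(row['mac_0']))
            )

    # Default-allow: whatever the CSV does not list is forwarded. An empty
    # policy file leaves not_allowed at `none`, so nothing is blocked.
    allowed = ~not_allowed

    # Only allowed traffic reaches the switching logic.
    return allowed >> act_like_switch()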
def main():
    """Assemble the MAC-pair firewall and place it in front of the switch logic.

    Reads ``policy_file`` as CSV. For every row, the ``mac_0``/``mac_1`` pair
    is added to the blocked set in both directions.

    Returns:
        ``~not_allowed >> act_like_switch()``: packets outside the blocked
        set are passed on to ``act_like_switch()``.
    """
    # Nothing is blocked until a CSV row says so.
    not_allowed = none

    with open(policy_file, 'rb') as f:
        for entry in csv.DictReader(f):
            # One rule per direction, so the pair is cut off both ways.
            outbound = match(srcmac=MAC(entry['mac_0']), dstmac=MAC(entry['mac_1']))
            inbound = match(srcmac=MAC(entry['mac_1']), dstmac=MAC(entry['mac_0']))
            not_allowed = not_allowed | union([outbound | inbound])

    # This is a default-allow blocklist: any address pair that is not listed
    # is forwarded, and an empty CSV blocks nothing at all.
    allowed = ~not_allowed

    # Hand only the allowed traffic to the MAC-learning logic.
    return allowed >> act_like_switch()
def main():
    """Return the firewall policy built from the MAC pairs in ``policy_file``.

    Each CSV row supplies ``mac_0`` and ``mac_1``; traffic from either address
    to the other is accumulated into ``not_allowed``. The negation of that set
    is sequenced in front of ``act_like_switch()``.
    """
    # Begin with a policy that matches no packets.
    not_allowed = none

    with open(policy_file, 'rb') as f:
        for pair in csv.DictReader(f):
            # mac_0 -> mac_1
            not_allowed = not_allowed + match(
                srcmac=MAC(pair['mac_0']), dstmac=MAC(pair['mac_1']))
            # mac_1 -> mac_0
            not_allowed = not_allowed + match(
                srcmac=MAC(pair['mac_1']), dstmac=MAC(pair['mac_0']))

    # Everything outside the blocked set is allowed, so a pair missing from
    # the CSV (or an empty CSV) is forwarded.
    # NOTE(review): `~` is applied to a value accumulated with `+`; confirm
    # the Pyretic version in use supports negating that.
    allowed = ~not_allowed

    # Allowed packets continue into the MAC-learning switch.
    return allowed >> act_like_switch()
def main():
    """Build the firewall from ``policyFile`` and chain it before the switch.

    ``policyFile`` is read as CSV with ``mac_0`` and ``mac_1`` columns. Each
    row blocks traffic between the two addresses in both directions.

    Returns:
        ``~not_allowed >> act_like_switch()``.
    """
    # No traffic is blocked to begin with.
    not_allowed = none

    with open(policyFile, "r") as handle:
        for pair in csv.DictReader(handle):
            forward = match(srcmac=MAC(pair['mac_0']),
                            dstmac=MAC(pair['mac_1']))
            reverse = match(srcmac=MAC(pair['mac_1']),
                            dstmac=MAC(pair['mac_0']))
            # Both directions of the pair are combined first, then added to
            # the running blocked set.
            pair_block = forward + reverse
            not_allowed = not_allowed + pair_block

    # Rules match on MAC header fields only and the policy is default-allow:
    # traffic between addresses that are not listed is forwarded.
    allowed = ~not_allowed

    # Forward only the allowed traffic to the MAC-learning logic.
    return allowed >> act_like_switch()
from pyretic.lib.corelib import *
from pyretic.lib.std import *
from pyretic.modules.mac_learner import mac_learner as act_like_switch
import csv, os

# Location of the firewall rule file, resolved under $HOME of the controller
# process. os.environ['HOME'] raises KeyError when HOME is not set.
# NOTE(review): the rules that get loaded follow whatever HOME points at, so
# the file and its directory should be writable only by the account that
# administers the firewall.
policy_file = "%s/pyretic/pyretic/examples/firewall-policies.csv" % os.environ[ 'HOME' ]

def main():
    """Exercise template for a MAC-pair firewall in front of a learning switch.

    The ``<...>`` fragments are placeholders to be filled in; the function is
    not valid Python until they are replaced.
    """
    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed
    # (placeholder: iterate over the MAC pairs read from firewall-policies.csv)
    for <each pair of MAC address in firewall-policies.csv>:
        # Each pair contributes two terms, one per direction.
        not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )
    # express allowed traffic in terms of not_allowed - hint use '~'
    # Negating the blocked set makes the policy default-allow: pairs that are
    # not listed, or an empty rule file, leave traffic forwarded.
    allowed = <...>
    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()