def RonoQuarantineTest (ndmz, nhosts, nquarantine):
"""Some random real world test"""
firewall = 'f'
fw_address = 'ip_f'
quarantine_test_host = 'q0'
quarantine_test_addr = 'ip_q0'
host_addresses = ['ip_h%d'%(i) for i in xrange(nhosts)]
quarantine_addresses = ['ip_q%d'%(i) for i in xrange(1, nquarantine)]
outside = 'o'
outside_address = 'ip_o'
nodes = [firewall, quarantine_test_host, outside]
addresses = [fw_address, quarantine_test_addr, outside_address]
addresses.extend(quarantine_addresses)
addresses.extend(host_addresses)
ctx = components.Context(nodes, addresses)
net = components.Network (ctx)
outside = components.EndHost(getattr(ctx, outside), net, ctx)
quarantine_test_host = components.EndHost(getattr(ctx, quarantine_test_host), net, ctx)
firewall = components.LearningFirewall(getattr(ctx, firewall), net, ctx)
outside_address = getattr(ctx, outside_address)
fw_address = getattr(ctx, fw_address)
quarantine_test_addr = getattr(ctx, quarantine_test_addr)
#net.SetGateway(outside, firewall)
#net.SetGateway(dmz_test_host, firewall)
net.RoutingTable(firewall, [(outside_address, outside), \
(quarantine_test_addr, quarantine_test_host)])
net.RoutingTable(outside, [(outside_address, outside),
(quarantine_test_addr, firewall)])
net.RoutingTable(quarantine_test_host, [(outside_address, firewall),
(quarantine_test_addr, quarantine_test_host)])
net.setAddressMappings([(outside, outside_address), \
(firewall, fw_address), \
(quarantine_test_host, quarantine_test_addr)])
firewall.AddAcls([(quarantine_test_addr, outside_address), \
(outside_address, quarantine_test_addr)])
for ad in quarantine_addresses:
ad = getattr(ctx, ad)
firewall.AddAcls([(ad, outside_address), (outside_address, ad)])
for ad in host_addresses:
ad = getattr(ctx, ad)
firewall.AddAcls([(outside_address, ad)])
net.Attach(outside, quarantine_test_host, firewall)
class QuarantineRet (object):
def __init__ (self, outside, quarantine, fw, ctx, net):
self.outside = outside
self.quarantine = quarantine
self.fw = fw
self.ctx = ctx
self.net = net
self.check = components.PropertyChecker(ctx, net)
return QuarantineRet(outside, quarantine_test_host, firewall, ctx, net)
def LearningFwTest():
"""Learning firewall test"""
ctx = components.Context (['a', 'b', 'c', 'd', 'fw'],\
['ip_a', 'ip_b', 'ip_c', 'ip_d', 'ip_f'])
net = components.Network(ctx)
a = components.EndHost(ctx.a, net, ctx)
b = components.EndHost(ctx.b, net, ctx)
c = components.EndHost(ctx.c, net, ctx)
d = components.EndHost(ctx.d, net, ctx)
fw = components.LearningFirewall(ctx.fw, net, ctx)
net.setAddressMappings([(a, ctx.ip_a), \
(b, ctx.ip_b), \
(c, ctx.ip_c), \
(d, ctx.ip_d), \
(fw, ctx.ip_f)])
addresses = [ctx.ip_a, ctx.ip_b, ctx.ip_c, ctx.ip_d, ctx.ip_f]
net.RoutingTable(a, [(x, fw) for x in addresses])
net.RoutingTable(b, [(x, fw) for x in addresses])
net.RoutingTable(c, [(x, fw) for x in addresses])
net.RoutingTable(d, [(x, fw) for x in addresses])
net.RoutingTable(fw, [(ctx.ip_a, a), \
(ctx.ip_b, b), \
(ctx.ip_c, c), \
(ctx.ip_d, d)])
net.Attach(a, b, c, d, fw)
endhosts = [a, b, c, d]
fw.AddAcls([(ctx.ip_a, ctx.ip_b), (ctx.ip_c, ctx.ip_d)])
net.Attach(a, b, c, d, fw)
endhosts = [a, b, c, d]
class LearnFwReturn(object):
def __init__(self, net, ctx, a, b, c, d, fw):
self.net = net
self.ctx = ctx
self.a = a
self.b = b
self.c = c
self.d = d
self.fw = fw
self.check = components.PropertyChecker(ctx, net)
return LearnFwReturn(net, ctx, a, b, c, d, fw)
def SimpleIDSShuntTopo(nhosts, nids, nshunts):
# Use different scrubbers for different idses
nfirewalls = nhosts - nids
hosts = ['h%d' % (i) for i in xrange(nhosts)]
host_addresses = ['ip_%s' % h for h in hosts]
idses = ['i%d' % (i) for i in xrange(nids)]
ids_addresses = ['ip_%s' % i for i in idses]
shunts = ['s%d' % (i) for i in xrange(nshunts)]
shunt_addresses = ['ip_%s' % s for s in shunts]
firewalls = ['f%d' % i for i in xrange(nfirewalls)]
firewall_addresses = ['ip_%s' % f for f in firewalls]
nodes = list(hosts)
nodes.extend(idses)
nodes.extend(shunts)
nodes.extend(firewalls)
addresses = list(host_addresses)
addresses.extend(ids_addresses)
addresses.extend(firewall_addresses)
addresses.extend(shunt_addresses)
ctx = components.Context(nodes, addresses)
net = components.Network(ctx)
address_mappings = []
host_concrete = []
for (host, address) in zip(hosts, host_addresses):
host_concrete.append(components.EndHost(getattr(ctx, host), net, ctx))
address_mappings.append((host_concrete[-1], getattr(ctx, address)))
shunt_concrete = []
for (shunt, address) in zip(shunts, shunt_addresses):
shunt_concrete.append(
components.Scrubber(getattr(ctx, shunt), net, ctx))
address_mappings.append((shunt_concrete[-1], getattr(ctx, address)))
ids_concrete = []
for (ids, address, shunt) in zip(idses, ids_addresses,
cycle(shunt_concrete)):
ids_concrete.append(
components.SpreadIDS(getattr(ctx, ids), net, ctx, shunt))
address_mappings.append((ids_concrete[-1], getattr(ctx, address)))
fw_concrete = []
for (fw, address) in zip(firewalls, firewall_addresses):
fw_concrete.append(
components.LearningFirewall(getattr(ctx, fw), net, ctx))
address_mappings.append((fw_concrete[-1], getattr(ctx, address)))
net.setAddressMappings(address_mappings)
for (host, ids) in zip(host_concrete, ids_concrete):
net.SetGateway(host, ids)
# Compute routing tables
for (host, fw) in zip(host_concrete[len(ids_concrete):], fw_concrete):
routing_table = []
for a in host_addresses:
routing_table.append((getattr(ctx, a), fw))
net.RoutingTable(host, routing_table)
for (ids, shunt) in zip(ids_concrete, cycle(shunt_concrete)):
routing_table = []
for (a, i) in zip(host_addresses, ids_concrete):
if str(i) == str(ids):
continue
routing_table.append((getattr(ctx, a), i))
for (a, f) in zip(host_addresses[nids:], fw_concrete):
routing_table.append((getattr(ctx, a), f))
net.RoutingTableShunt(ids, routing_table, shunt)
for (fw, host, ha) in zip(fw_concrete, host_concrete[len(ids_concrete):],
host_addresses[len(ids_concrete):]):
routing_table = []
routing_table.append((getattr(ctx, ha), host))
for (a, i) in zip(host_addresses, ids_concrete):
routing_table.append((getattr(ctx, a), i))
for (a, f) in zip(host_addresses[nids:], fw_concrete):
if str(f) == str(fw):
continue
routing_table.append((getattr(ctx, a), f))
net.RoutingTable(fw, routing_table)
for shunt in shunt_concrete:
routing_table = []
for (a, h) in zip(host_addresses, host_concrete):
routing_table.append((getattr(ctx, a), h))
net.RoutingTable(shunt, routing_table)
# Compute ACLs
fw_acls = []
for a1 in host_addresses[:nids]:
for a2 in host_addresses[nids:]:
fw_acls.append((getattr(ctx, a1), getattr(ctx, a2)))
fw_acls.append((getattr(ctx, a2), getattr(ctx, a1)))
for fw in fw_concrete:
#pass
fw.AddAcls(fw_acls)
#net.Attach(*host_concrete)
#net.Attach(*ids_concrete)
#net.Attach(*fw_concrete)
#net.Attach(*shunt_concrete)
class SimpleIDSShuntRet(object):
def __init__(self):
self.net = net
self.ctx = ctx
self.fws = fw_concrete
self.shunts = shunt_concrete
self.ids = ids_concrete
self.hosts = host_concrete
self.checker = components.PropertyChecker(ctx, net)
return SimpleIDSShuntRet()
def PathLengthTest(size, extra_rules):
fws = ['f_%d' % (f) for f in xrange(0, size)]
# Start with 4 end hosts
end_hosts = ['e_%d' % (e) for e in xrange(0, 2)]
all_nodes = []
all_nodes.extend(end_hosts)
all_nodes.extend(fws)
addresses = ['ip_%s' % (n) for n in all_nodes]
actual_addresses = list(addresses)
additional_addresses = ['ip_d%d' % d for d in xrange(extra_rules)]
actual_addresses.extend(additional_addresses)
ctx = components.Context(all_nodes, actual_addresses)
net = components.Network(ctx)
end_hosts = [
components.EndHost(getattr(ctx, e), net, ctx) for e in end_hosts
]
firewalls = [
components.LearningFirewall(getattr(ctx, f), net, ctx) for f in fws
]
[e0, e1] = end_hosts
all_node_objects = []
all_node_objects.extend(end_hosts)
all_node_objects.extend(firewalls)
addresses = [getattr(ctx, ad) for ad in addresses]
address_mappings = [(ob, ad)
for (ob, ad) in zip(all_node_objects, addresses)]
net.setAddressMappings(address_mappings)
acl_policy = [(ctx.ip_e_0, getattr(ctx, ad))
for ad in additional_addresses]
firewalls[0].AddAcls(acl_policy)
#acl_policy = [(ctx.ip_e_0, ctx.ip_e_1), (ctx.ip_e_1, ctx.ip_e_0)]
#for fw in firewalls:
#fw.AddAcls (acl_policy)
"""Topology
e0 e1
\ /
f0 -- f1 -- .. -- fn"""
for fw_i in xrange(len(firewalls)):
routing_table = [(ctx.ip_e_0, firewalls[fw_i - 1] if fw_i > 0 else e0), \
(ctx.ip_e_1, firewalls[fw_i + 1] if fw_i + 1 < size else e1)]
net.RoutingTable(firewalls[fw_i], routing_table)
routing_table = [(ctx.ip_e_0, e0), \
(ctx.ip_e_1, firewalls[0])]
net.RoutingTable(e0, routing_table)
routing_table = [(ctx.ip_e_0, firewalls[-1]), \
(ctx.ip_e_1, e1)]
net.RoutingTable(e1, routing_table)
net.Attach(*all_node_objects)
node_dict = dict(zip(all_nodes, all_node_objects))
class NumFwResult(object):
def __init__(self, net, ctx, **nodes):
self.net = net
self.ctx = ctx
for k, v in nodes.iteritems():
setattr(self, k, v)
self.check = components.PropertyChecker(ctx, net)
return NumFwResult(net, ctx, **node_dict)
def NoRonoTestPath (ndmz, nhosts, nquarantine, nrouters):
"""Some random real world test"""
fws = ['f_%d'%(f) for f in xrange(0, nrouters)]
fw_addresses = ['ip_%s'%(f) for f in fws]
outside = 'o'
outside_address = 'ip_o'
hosts = ['h%d'%(i) for i in xrange(nhosts)]
dmz = ['d%d'%(i) for i in xrange(ndmz)]
quarantine = ['q%d'%(i) for i in xrange(nquarantine)]
host_addresses = ['ip_%s'%(h) for h in hosts]
dmz_addresses = ['ip_%s'%(d) for d in dmz]
quarantine_addresses = ['ip_%s'%(q) for q in quarantine]
nodes = [outside]
nodes.extend(fws)
nodes.extend(dmz)
nodes.extend(quarantine)
nodes.extend(hosts)
addresses = [outside_address]
addresses.extend(fw_addresses)
addresses.extend(host_addresses)
addresses.extend(dmz_addresses)
addresses.extend(quarantine_addresses)
ctx = components.Context(nodes, addresses)
net = components.Network(ctx)
outside = components.EndHost(getattr(ctx, outside), net, ctx)
outside_address = getattr(ctx, outside_address)
firewalls = [components.LearningFirewall(getattr(ctx, fw), net, ctx) for fw in fws]
fw_addresses = [getattr(ctx, fw_address) for fw_address in fw_addresses]
hosts = [components.EndHost(getattr(ctx, host), net, ctx) for host in hosts]
host_addresses = [getattr(ctx, ha) for ha in host_addresses]
dmz = [components.EndHost(getattr(ctx, d), net, ctx) for d in dmz]
dmz_addresses = [getattr(ctx, da) for da in dmz_addresses]
quarantine = [components.EndHost(getattr(ctx, q), net, ctx) for q in quarantine]
quarantine_addresses = [getattr(ctx, qa) for qa in quarantine_addresses]
addressMap = [(outside, outside_address)]
addressMap.extend(zip(firewalls, fw_addresses))
addressMap.extend(zip(hosts, host_addresses))
addressMap.extend(zip(dmz, dmz_addresses))
addressMap.extend(zip(quarantine, quarantine_addresses))
net.setAddressMappings(addressMap)
for fw_i in xrange(len(firewalls)):
fw_routing_table = [(outside_address, outside) if fw_i == 0 else (outside_address, firewalls[fw_i - 1])]
if fw_i + 1 == nrouters:
fw_routing_table.extend(zip(host_addresses, hosts))
fw_routing_table.extend(zip(dmz_addresses, dmz))
fw_routing_table.extend(zip(quarantine_addresses, quarantine))
else:
fw_routing_table.extend(zip(host_addresses, repeat(firewalls[fw_i + 1])))
fw_routing_table.extend(zip(dmz_addresses, repeat(firewalls[fw_i + 1])))
fw_routing_table.extend(zip(quarantine_addresses, repeat(firewalls[fw_i + 1])))
net.RoutingTable(firewalls[fw_i], fw_routing_table)
other_routing_table = [(outside_address, outside)]
other_routing_table.extend([(ad, firewalls[0]) for ad in host_addresses])
other_routing_table.extend([(ad, firewalls[0]) for ad in dmz_addresses])
other_routing_table.extend([(ad, firewalls[0]) for ad in quarantine_addresses])
net.RoutingTable(outside, other_routing_table)
other_routing_table = [(outside_address, firewalls[-1])]
other_routing_table.extend([(ad, firewalls[-1]) for ad in host_addresses])
other_routing_table.extend([(ad, firewalls[-1]) for ad in dmz_addresses])
other_routing_table.extend([(ad, firewalls[-1]) for ad in quarantine_addresses])
for host in hosts:
net.RoutingTable(host, other_routing_table)
for host in dmz:
net.RoutingTable(host, other_routing_table)
for host in quarantine:
net.RoutingTable(host, other_routing_table)
for ad in host_addresses:
firewalls[0].AddAcls([(outside_address, ad)])
for ad in quarantine_addresses:
firewalls[0].AddAcls([(ad, outside_address), (outside_address, ad)])
all_nodes = [outside]
all_nodes.extend(firewalls)
all_nodes.extend(hosts)
all_nodes.extend(dmz)
all_nodes.extend(quarantine)
net.Attach(*all_nodes)
class AllRet(object):
def __init__ (self, outside, firewalls, quarantine, hosts, dmz, ctx, net):
self.outside = outside
self.firewall = firewalls
self.quarantine = quarantine
self.hosts = hosts
self.dmz = dmz
self.ctx = ctx
self.net = net
self.check = components.PropertyChecker(ctx, net)
return AllRet(outside, firewalls, quarantine, hosts, dmz, ctx, net)