def __init__(self): # Garden Wall def redirectToGardenWall(): client_ips = [IP('10.0.0.1'), IP('10.0.0.2')] rewrite_policy = rewriteDstIPAndMAC(client_ips, '10.0.0.3') return rewrite_policy ### DEFINE THE LPEC FUNCTION def lpec(f): # Your logic here # return match = return match(srcip=f['srcip']) ## SET UP TRANSITION FUNCTIONS @transition def exempt(self): self.case(occurred(self.event), self.event) @transition def infected(self): self.case(occurred(self.event), self.event) @transition def policy(self): # If exempt, redirect to gardenwall. # - rewrite dstip to 10.0.0.3 self.case(test_and_true(V('exempt'), V('infected')), C(redirectToGardenWall())) # If infected, drop # Your logic here # self.case () self.case(is_true(V('infected')), C(drop)) # Else, identity self.default(C(identity)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( infected=FSMVar(type=BoolType(), init=False, trans=infected), # Your logic here # exempt = # policy = exempt=FSMVar(type=BoolType(), init=False, trans=exempt), policy=FSMVar(type=Type(Policy, {redirectToGardenWall(), drop, identity}), init=identity, trans=policy)) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(gardenwall, self).__init__(fsm_pol)
def __init__(self): ### 1. DEFINE THE LPEC FUNCTION def lpec(f): return match(srcip=f['srcip']) ### 2. SET UP TRANSITION FUNCTIONS @transition def counter(self): for i in range(Monitor1.m): self.case(V('counter')==C(i),C(i+1)) self.default(C(0)) @transition def infected(self): self.case(is_true((V('counter')>C(Monitor1.v2)) & (V('counter')<=C(Monitor1.m))), C(True)) self.default(C(False)) @transition def policy(self): # If "infected" is True, change policy to "drop" self.case(is_true(V('infected')),C(drop)) # Default policy is "indentity", which is "allow". self.default(C(identity)) ### 3. SET UP THE FSM DESCRIPTION self.fsm_def =FSMDef( counter=FSMVar(type=Type(int,set(Monitor1.rates)),init=0,trans=counter), infected=FSMVar(type=BoolType(),init=False, trans=infected), policy=FSMVar(type=Type(Policy,{drop,identity}), init=identity, trans=policy)) ### 4. SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(Monitor1,self).__init__(fsm_pol)
def __init__(self): ### DEFINE THE LPEC FUNCTION def lpec(f): return match(srcip=f['srcip']) ## SET UP TRANSITION FUNCTIONS @transition def authenticated(self): self.case(occurred(self.event), self.event) @transition def policy(self): self.case(is_true(V('authenticated')), C(identity)) self.default(C(drop)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef(authenticated=FSMVar(type=BoolType(), init=False, trans=authenticated), policy=FSMVar(type=Type(Policy, {drop, identity}), init=drop, trans=policy)) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(auth_only, self).__init__(fsm_pol)
def __init__(self): ### DEFINE THE LPEC FUNCTION def lpec(f): return match(srcip=f['srcip']) ## SET UP TRANSITION FUNCTIONS @transition def authenticated(self): self.case(occurred(self.event),self.event) @transition def policy(self): self.case(is_true(V('authenticated')),C(identity)) self.default(C(drop)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( authenticated=FSMVar(type=BoolType(), init=False, trans=authenticated), policy=FSMVar(type=Type(Policy,{drop,identity}), init=drop, trans=policy)) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(auth,self).__init__(fsm_pol)
def __init__(self): # Garden Wall def redirectToGardenWall(): client_ips = [IP('10.0.0.1'), IP('10.0.0.2')] rewrite_policy = rewriteDstIPAndMAC(client_ips, '10.0.0.3') return rewrite_policy ### DEFINE THE LPEC FUNCTION def lpec(f): # Your logic here return match(srcip=f['srcip']) ## SET UP TRANSITION FUNCTIONS @transition def exempt(self): self.case(occurred(self.event),self.event) @transition def infected(self): self.case(occurred(self.event),self.event) @transition def policy(self): # If exempt, redirect to gardenwall. # - rewrite dstip to 10.0.0.3 self.case(test_and_true(V('exempt'),V('infected')), C(redirectToGardenWall())) # If infected, drop # Your logic here self.case(is_true(V('infected')),C(drop)) # Else, identity self.default(C(identity)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( infected=FSMVar(type=BoolType(), init=False, trans=infected), # Your logic here exempt=FSMVar(type=BoolType(), init=False, trans=exempt), policy=FSMVar(type=Type(Policy,{drop,identity,redirectToGardenWall()}), init=identity, trans=policy) ) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(gardenwall,self).__init__(fsm_pol)
def __init__(self): # List of servers vm_prov.serverList = ['10.0.0.3','10.0.0.4','10.0.0.5','10.0.0.6','10.0.0.7','10.0.0.8'] # Choose randomly def fwdToThisServer(which_srv): client_ips = [IP('10.0.0.1'), IP('10.0.0.2')] if which_srv > -1 and which_srv < len(vm_prov.serverList): server_ip_str = self.serverList[which_srv] else: server_ip_str = '10.0.0.3' # default rewrite_policy = rewriteDstIPAndMAC_Public(client_ips, '10.0.0.100', server_ip_str) return rewrite_policy ### DEFINE THE LPEC FUNCTION def lpec(f): return match(srcip=f['srcip'],dstip=f['dstip']) ## SET UP TRANSITION FUNCTIONS @transition def load(self): self.case(occurred(self.event),self.event) @transition def policy(self): lightLoad = NonDetermPolicy([fwdToThisServer(i) for i in range(1)]) mediumLoad = NonDetermPolicy([fwdToThisServer(i) for i in range(len(vm_prov.serverList)/2)]) heavyLoad = NonDetermPolicy([fwdToThisServer(i+1) for i in range(len(vm_prov.serverList)-1)]) self.case((V('load')==C(1)) , C(lightLoad)) self.case((V('load')==C(2)) , C(mediumLoad)) self.case((V('load')==C(3)) , C(heavyLoad)) # Else, to primary self.default(C(fwdToThisServer(0))) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( load=FSMVar(type=Type(int,{1,2,3}), init=1, trans=load), policy=FSMVar(type=Type(Policy,set([fwdToThisServer(i) for i in range(len(vm_prov.serverList))])), init=fwdToThisServer(0), trans=policy)) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(vm_prov,self).__init__(fsm_pol)
def __init__(self): ### DEFINE INTERNAL METHODS rates = [1,2,3] def interswitch(): return if_(match(inport=2),fwd(1),fwd(2)) def routing(): match_inter = union([match(switch=2),match(switch=3),match(switch=4)]) match_inport = union([match(inport=2),match(inport=3),match(inport=4)]) r = if_(match_inter,interswitch(), if_(match_inport, fwd(1), drop)) return r def rate_limit_policy(i): match_from_edge = (union([match(switch=1),match(switch=5)]) & match(inport=1)) return if_(match_from_edge, fwd(i), routing()) ### DEFINE THE LPEC FUNCTION def lpec(f): h1 = f['srcip'] h2 = f['dstip'] return union([match(srcip=h1,dstip=h2),match(srcip=h2,dstip=h1)] ) ### SET UP TRANSITION FUNCTIONS @transition def rate(self): self.case(occurred(self.event),self.event) @transition def policy(self): for i in rates: self.case(V('rate')==C(i), C(rate_limit_policy(i+1))) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( rate=FSMVar(type=Type(int,set(rates)), init=1, trans=rate), policy=FSMVar(type=Type(Policy,set([rate_limit_policy(i+1) for i in rates ])), init=rate_limit_policy(2), trans=policy)) # Instantiate FSMPolicy, start/register JSON handler. fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(rate_limiter,self).__init__(fsm_pol)
def __init__(self): super(pyretic_gardenwall,self).__init__() # JSON event listener json_event = JSONEvent() json_event.register_callback(self.event_handler) # flow--state map self.flow_state_map = {} self.policy = passthrough
def __init__(self): super(pyretic_gardenwall, self).__init__() # JSON event listener json_event = JSONEvent() json_event.register_callback(self.event_handler) # flow--state map self.flow_state_map = {} self.policy = passthrough
def __init__ (self): self.listenTo(core.openflow) # JSON event listener json_event = JSONEvent() json_event.register_callback(self.event_handler) # The Switch self.eventSwitch = None # flow--state map self.flow_state_map = {} log.debug("Enabling Firewall Module")
def __init__(self): self.listenTo(core.openflow) # JSON event listener json_event = JSONEvent() json_event.register_callback(self.event_handler) # The Switch self.eventSwitch = None # flow--state map self.flow_state_map = {} log.debug("Enabling Firewall Module")
def __init__(self): ### 1. DEFINE THE LPEC FUNCTION def lpec(f): # Packets with same source IP # will have a same "state" (thus, same policy applied). return match(srcip=f['srcip']) ### 2. SET UP TRANSITION FUNCTIONS @transition def infected(self): # Return the variable's own value. # If True, return True. If False, return False. self.case(occurred(self.event),self.event) @transition def policy(self): # If "infected" is True, change policy to "drop" self.case(is_true(V('infected')),C(drop)) # Default policy is "indentity", which is "allow". self.default(C(identity)) ### 3. SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( infected=FSMVar(type=BoolType(), init=False, trans=infected), policy=FSMVar(type=Type(Policy,{drop,identity}), init=identity, trans=policy)) ### 4. SET UP POLICY AND EVENT STREAMS ### This part pretty much remains same for any application fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) ### This part pretty much remains same for any application # Specify application class name here. (e.g., "ids") super(ids,self).__init__(fsm_pol)
def __init__(self): ### 1. DEFINE THE LPEC FUNCTION def lpec(f): # Packets with same source IP # will have a same "state" (thus, same policy applied). return match(srcip=f['srcip']) ### 2. SET UP TRANSITION FUNCTIONS @transition def infected(self): # Return the variable's own value. # If True, return True. If False, return False. self.case(occurred(self.event),self.event) @transition def policy(self): # If "infected" is True, change policy to "drop" self.case(is_true(V('infected')),C(drop)) # Default policy is "indentity", which is "allow". self.default(C(identity)) ### 3. SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( infected=FSMVar(type=BoolType(), init=False, trans=infected), policy=FSMVar(type=Type(Policy,{drop,identity}), init=identity, trans=policy)) ### 4. SET UP POLICY AND EVENT STREAMS ### This part pretty much remains same for any application fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) ### This part pretty much remains same for any application # Specify application class name here. (e.g., "ids") super(ids_only,self).__init__(fsm_pol)
def lpec(f): # Your logic here # return match = ## SET UP TRANSITION FUNCTIONS @transition def exempt(self): self.case(occurred(self.event),self.event) @transition def infected(self): self.case(occurred(self.event),self.event) @transition def policy(self): # If exempt, redirect to gardenwall. # - rewrite dstip to 10.0.0.3 self.case(test_and_true(V('exempt'),V('infected')), C(redirectToGardenWall())) # If infected, drop # Your logic here # self.case () # Else, identity self.default(C(identity)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( infected=FSMVar(type=BoolType(), init=False, trans=infected), # Your logic here # exempt = # policy = ) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(gardenwall,self).__init__(fsm_pol)
def __init__(self): v1 = 2 v2 = 7 m = 10 rates = [0, v1, v2, m] counter = 0 ### 1. DEFINE THE LPEC FUNCTION def lpec(f): return match(srcip=f['srcip']) ### 2. SET UP TRANSITION FUNCTIONS @transition def counter(self): self.counter += 1 self.case(occured(self.event), self.event) @transition def policy(self): # If "infected" is True, change policy to "drop" if ((is_true(V(counter) >= rates[2]) and is_true(V(counter) < rates[3]))): self.case((is_true(V(counter) >= rates[2]) and is_true(V(counter) < rates[3])), C(drop)) # Default policy is "indentity", which is "allow". self.default(C(identity)) ### 3. SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef(counter=FSMVar(type=int(), init=counter, trans=counter), policy=FSMVar(type=Type(Policy, {drop, identity}), init=identity, trans=policy)) ### 4. SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(Monitor1, self).__init__(fsm_pol)
def __init__(self): self.q = count_bytes(1, ['srcip', 'dstip']) self.set_rate_2 = False self.set_rate_3 = False def packet_count_printer(counts): print '==== Count Bytes====' print str(counts) + '\n' for m in counts: idx = str(m).find('srcip') idx2 = str(m).find('dstip') sip = str(m)[idx:idx2].lstrip("srcip', ").rstrip(") ('") dip = str(m)[idx2:].lstrip("dstip', ").rstrip(")") if counts[m] > BYTES_FOR_RATE2 and BYTES_FOR_RATE3 > counts[ m] and self.set_rate_2 is False: cmd = BASE_CMD + ' 2 --flow="{srcip=' + sip + ',dstip=' + dip + '}" -a 127.0.0.1 -p 50001' p1 = subprocess.Popen([cmd], shell=True) p1.communicate() self.set_rate_2 = True elif counts[m] > BYTES_FOR_RATE3 and self.set_rate_3 is False: cmd = BASE_CMD + ' 3 --flow="{srcip=' + sip + ',dstip=' + dip + '}" -a 127.0.0.1 -p 50001' p1 = subprocess.Popen([cmd], shell=True) p1.communicate() self.set_rate_3 = True def monitoring(): return self.q + passthrough ### DEFINE THE LPEC FUNCTION def lpec(f): return match(srcip=f['srcip']) ## SET UP TRANSITION FUNCTIONS @transition def mon(self): self.case(occurred(self.event), self.event) @transition def policy_trans(self): self.case(is_true(V('monitor')), C(monitoring())) self.default(C(identity)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef(monitor=FSMVar(type=BoolType(), init=False, trans=mon), policy=FSMVar(type=Type( Policy, set([identity, monitoring()])), init=monitoring(), trans=policy_trans)) ### Set up monitoring self.q.register_callback(packet_count_printer) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(monitor, self).__init__(fsm_pol)
def __init__(self): self.q = count_bytes(1,['srcip','dstip']) self.set_rate_2 = False self.set_rate_3 = False def packet_count_printer(counts): print '==== Count Bytes====' print str(counts) + '\n' for m in counts: idx = str(m).find('srcip') idx2 = str(m).find('dstip') sip = str(m)[idx:idx2].lstrip("srcip', ").rstrip(") ('") dip = str(m)[idx2:].lstrip("dstip', ").rstrip(")") if counts[m] > BYTES_FOR_RATE2 and BYTES_FOR_RATE3 > counts[m] and self.set_rate_2 is False: cmd = BASE_CMD + ' 2 --flow="{srcip=' + sip +',dstip='+dip+'}" -a 127.0.0.1 -p 50001' p1 = subprocess.Popen([cmd], shell=True) p1.communicate() self.set_rate_2 = True elif counts[m] > BYTES_FOR_RATE3 and self.set_rate_3 is False: cmd = BASE_CMD + ' 3 --flow="{srcip=' + sip +',dstip='+dip+'}" -a 127.0.0.1 -p 50001' p1 = subprocess.Popen([cmd], shell=True) p1.communicate() self.set_rate_3 = True def monitoring(): return self.q + passthrough ### DEFINE THE LPEC FUNCTION def lpec(f): return match(srcip=f['srcip']) ## SET UP TRANSITION FUNCTIONS @transition def mon(self): self.case(occurred(self.event),self.event) @transition def policy_trans(self): self.case(is_true(V('monitor')),C(monitoring())) self.default(C(identity)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( monitor=FSMVar(type=BoolType(), init=False, trans=mon), policy=FSMVar(type=Type(Policy,set([identity,monitoring()])), init=monitoring(), trans=policy_trans)) ### Set up monitoring self.q.register_callback(packet_count_printer) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(monitor,self).__init__(fsm_pol)
def __init__(self): # Server list. self.servers = { '10.0.0.3': '00:00:00:00:00:03', '10.0.0.4': '00:00:00:00:00:04', '10.0.0.5': '00:00:00:00:00:05' } # Randmoly choose a server from the list def randomly_choose_server(servermap): return server_i_policy(choice(servermap.keys())) # Forward to i-th server def server_i_policy(i): ip_list = self.servers.keys() ip_str = str(i) mac_str = self.servers[ip_str] public_ip = IP('10.0.0.100') client_ips = [IP('10.0.0.1'), IP('10.0.0.2')] receive_ip = [IP(ip_str)] * len(client_ips) rewrite_ip_policy = rewrite(zip(client_ips, receive_ip), public_ip) rewrite_mac_policy = if_(match(dstip=IP(ip_str), ethtype=2048), modify(dstmac=MAC(mac_str)), passthrough) return rewrite_ip_policy >> rewrite_mac_policy # Rewrite IP address. def rewrite(d, p): return intersection([subs(c, r, p) for c, r in d]) # subroutine of rewrite() def subs(c, r, p): c_to_p = match(srcip=c, dstip=p) r_to_c = match(srcip=r, dstip=c) return ((c_to_p >> modify(dstip=r)) + (r_to_c >> modify(srcip=p)) + (~r_to_c >> ~c_to_p)) ### DEFINE THE FLEC FUNCTION def lpec(f): return match(srcip=f['srcip']) ## SET UP TRANSITION FUNCTIONS @transition def server(self): self.case(occurred(self.event), self.event) @transition def policy(self): self.servers = { '10.0.0.3': '00:00:00:00:00:03', '10.0.0.4': '00:00:00:00:00:04', '10.0.0.5': '00:00:00:00:00:05' } self.case(is_true(V('server')), C(randomly_choose_server(self.servers))) self.default(C(server_i_policy(self.servers.keys()[1]))) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( server=FSMVar(type=BoolType(), init=False, trans=server), policy=FSMVar(type=Type( Policy, set([server_i_policy(i) for i in self.servers])), init=server_i_policy(choice(self.servers.keys())), trans=policy)) # Instantiate FSMPolicy, start/register JSON handler. fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(serverlb, self).__init__(fsm_pol)
def __init__(self): ### 1. DEFINE THE LPEC FUNCTION def lpec(f): # Packets with same source IP # will have a same "state" (thus, same policy applied). h1=f['srcip'] h2=f['dstip'] return ( match (srcip=h1 , dstip=h2 ) | match (srcip =h2 , dstip=h1 ) ) ### 2. SET UP TRANSITION FUNCTIONS @transition def R0(self): self.case(occurred(self.event),self.event) def R1(self): if(h1==A and port = '2222'): self.case(is_true(V('!R1')),C(True)) else: self.default(C(False)) def R2(self): if(h1==A and h2==F): self.case(is_true(V('!R2')),C(True)) else: self.default(C(False)) def R3(self): if(h1==A and h2==D): self.case(is_true(V('!R3')),C(True)) else: self.default(C(False)) def R4(self): if(h1==A): self.case(is_true(V('!R4')),C(True)) else: self.default(C(False)) @transition def policy(self): # If "infected" is True, change policy to "drop" if('R4'): self.case(is_true(V('R4')),C(drop)) elif('R3'): self.case(is_true(V('R3')),C(drop)) self.default(C(fwd())) # Default policy is "indentity", which is "allow". self.default(C(identity)) self.fsm_def =FSMDef( R0=FSMVar(type=BoolType(),inti=True,Trans=R0), R1=FSMVar(type=BoolType(),init=False,Trans=R1), R2=FSMVar(type=BoolType(),init=False,Trans=R2), R3=FSMVar(type=BoolType(),init=False,Trans=R3), R4=FSMVar(type=BoolType(),init=False,Trans=R4), policy=FSMVar(type=Type(policy,{drop,fwd()}), init=fwd(), trans=policy)) ### 4. SET UP POLICY AND EVENT STREAMS ### This part pretty much remains same for any application fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler)
def __init__(self): ### DEFINE INTERNAL METHODS self.links = [1,2,3] def interswitch(): return if_(match(inport=2),fwd(1),fwd(2)) def routing(): match_inter = union([match(switch=2),match(switch=3),match(switch=4)]) match_inport = union([match(inport=2),match(inport=3),match(inport=4)]) r = if_(match_inter,interswitch(), if_(match_inport, fwd(1), drop)) return r def randomly_choose_link(): return traffic_lb_policy(choice(self.links)+1) def traffic_lb_policy(i): match_from_edge = (union([match(switch=1),match(switch=5)]) & match(inport=1)) return if_(match_from_edge, fwd(i), routing()) ### DEFINE THE LPEC FUNCTION def lpec(f): h1 = f['srcip'] h2 = f['dstip'] return union([match(srcip=h1,dstip=h2),match(srcip=h2,dstip=h1)] ) ### SET UP TRANSITION FUNCTIONS @transition def lb(self): self.case(occurred(self.event),self.event) @transition def policy(self): self.case(is_true(V('lb')),C(randomly_choose_link())) self.default(C(traffic_lb_policy(2))) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( lb=FSMVar(type=BoolType(), init=False, trans=lb), policy=FSMVar(type=Type(Policy,set([traffic_lb_policy(i+1) for i in self.links ])), init=traffic_lb_policy(2), trans=policy)) # Instantiate FSMPolicy, start/register JSON handler. fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(traffic_lb,self).__init__(fsm_pol)
def __init__(self): ### DEFINE INTERNAL METHODS rates = [1, 2, 3] def interswitch(): return if_(match(inport=2), fwd(1), fwd(2)) def routing(): match_inter = union( [match(switch=2), match(switch=3), match(switch=4)]) match_inport = union( [match(inport=2), match(inport=3), match(inport=4)]) r = if_(match_inter, interswitch(), if_(match_inport, fwd(1), drop)) return r def rate_limit_policy(i): match_from_edge = ( union([match(switch=1), match(switch=5)]) & match(inport=1)) return if_(match_from_edge, fwd(i), routing()) ### DEFINE THE LPEC FUNCTION def lpec(f): h1 = f['srcip'] h2 = f['dstip'] return union( [match(srcip=h1, dstip=h2), match(srcip=h2, dstip=h1)]) ### SET UP TRANSITION FUNCTIONS @transition def rate(self): self.case(occurred(self.event), self.event) @transition def policy(self): for i in rates: self.case(V('rate') == C(i), C(rate_limit_policy(i + 1))) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( rate=FSMVar(type=Type(int, set(rates)), init=1, trans=rate), policy=FSMVar(type=Type( Policy, set([rate_limit_policy(i + 1) for i in rates])), init=rate_limit_policy(2), trans=policy)) # Instantiate FSMPolicy, start/register JSON handler. fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(rate_limiter, self).__init__(fsm_pol)
def __init__(self): ### DEFINE INTERNAL METHODS self.links = [1, 2, 3] def interswitch(): return if_(match(inport=2), fwd(1), fwd(2)) def routing(): match_inter = union( [match(switch=2), match(switch=3), match(switch=4)]) match_inport = union( [match(inport=2), match(inport=3), match(inport=4)]) r = if_(match_inter, interswitch(), if_(match_inport, fwd(1), drop)) return r def randomly_choose_link(): return traffic_lb_policy(choice(self.links) + 1) def traffic_lb_policy(i): match_from_edge = ( union([match(switch=1), match(switch=5)]) & match(inport=1)) return if_(match_from_edge, fwd(i), routing()) ### DEFINE THE LPEC FUNCTION def lpec(f): h1 = f['srcip'] h2 = f['dstip'] return union( [match(srcip=h1, dstip=h2), match(srcip=h2, dstip=h1)]) ### SET UP TRANSITION FUNCTIONS @transition def lb(self): self.case(occurred(self.event), self.event) @transition def policy(self): self.case(is_true(V('lb')), C(randomly_choose_link())) self.default(C(traffic_lb_policy(2))) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( lb=FSMVar(type=BoolType(), init=False, trans=lb), policy=FSMVar(type=Type( Policy, set([traffic_lb_policy(i + 1) for i in self.links])), init=traffic_lb_policy(2), trans=policy)) # Instantiate FSMPolicy, start/register JSON handler. fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(traffic_lb, self).__init__(fsm_pol)
def __init__(self): # Garden Wall def redirectToGardenWall(): client_ips = [IP('10.0.0.1'), IP('10.0.0.2')] rewrite_policy = rewriteDstIPAndMAC(client_ips, '10.0.0.3') return rewrite_policy def rewriteDstIPAndMAC(client_ips, garden_ip_str): garden_mac = MAC('00:00:00:00:00:03') garden_ip = IP(garden_ip_str) match_ip_policy = (union([match(dstip=client_ips[0]), match(dstip=client_ips[1])])) change_ip_policy = (modify(dstip=garden_ip)) change_ip_success = (match(dstip=garden_ip)) change_mac_policy = (modify(dstmac=garden_mac)) # r = match_ip_policy # r = change_ip_policy # r = change_ip_success return match_ip_policy >> change_ip_policy >> change_mac_policy ### DEFINE THE LPEC FUNCTION def lpec(f): return match(srcip=f['srcip']) ## SET UP TRANSITION FUNCTIONS @transition def exempt(self): self.case(occurred(self.event),self.event) @transition def infected(self): self.case(occurred(self.event),self.event) @transition def policy(self): # If exempt, redirect to gardenwall. # - rewrite dstip to 10.0.0.3 self.case(test_and_true(V('exempt'),V('infected')), C(redirectToGardenWall())) # If infected, drop self.case(is_true(V('infected')), C(drop)) # Else, identity self.default(C(identity)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( infected = FSMVar(type=BoolType(), init=False, trans=infected), exempt = FSMVar(type = BoolType(), init = False, trans = exempt), policy = FSMVar(type = Type(Policy, {redirectToGardenWall(), drop, identity}), init = identity, trans = policy) ) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec,self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(gardenwall,self).__init__(fsm_pol)
def __init__(self): # Server list. self.servers = { "10.0.0.3": "00:00:00:00:00:03", "10.0.0.4": "00:00:00:00:00:04", "10.0.0.5": "00:00:00:00:00:05", } # Randmoly choose a server from the list def randomly_choose_server(servermap): return server_i_policy(choice(servermap.keys())) # Forward to i-th server def server_i_policy(i): ip_list = self.servers.keys() ip_str = str(i) mac_str = self.servers[ip_str] public_ip = IP("10.0.0.100") client_ips = [IP("10.0.0.1"), IP("10.0.0.2")] receive_ip = [IP(ip_str)] * len(client_ips) rewrite_ip_policy = rewrite(zip(client_ips, receive_ip), public_ip) rewrite_mac_policy = if_(match(dstip=IP(ip_str), ethtype=2048), modify(dstmac=MAC(mac_str)), passthrough) return rewrite_ip_policy >> rewrite_mac_policy # Rewrite IP address. def rewrite(d, p): return intersection([subs(c, r, p) for c, r in d]) # subroutine of rewrite() def subs(c, r, p): c_to_p = match(srcip=c, dstip=p) r_to_c = match(srcip=r, dstip=c) return (c_to_p >> modify(dstip=r)) + (r_to_c >> modify(srcip=p)) + (~r_to_c >> ~c_to_p) ### DEFINE THE FLEC FUNCTION def lpec(f): return match(srcip=f["srcip"]) ## SET UP TRANSITION FUNCTIONS @transition def server(self): self.case(occurred(self.event), self.event) @transition def policy(self): self.servers = { "10.0.0.3": "00:00:00:00:00:03", "10.0.0.4": "00:00:00:00:00:04", "10.0.0.5": "00:00:00:00:00:05", } self.case(is_true(V("server")), C(randomly_choose_server(self.servers))) self.default(C(server_i_policy(self.servers.keys()[1]))) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef( server=FSMVar(type=BoolType(), init=False, trans=server), policy=FSMVar( type=Type(Policy, set([server_i_policy(i) for i in self.servers])), init=server_i_policy(choice(self.servers.keys())), trans=policy, ), ) # Instantiate FSMPolicy, start/register JSON handler. fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(serverlb, self).__init__(fsm_pol)
def __init__(self, internal_hosts, ih_prd): ### DEFINE THE LPEC FUNCTION def lpec(f): hosts = list() internal_h, external_h = None, None hosts.append(f['srcip']) hosts.append(f['dstip']) for host in hosts: if host in internal_hosts: internal_h = host else: external_h = host if internal_h is None or external_h is None: return None return (match(srcip=internal_h, dstip=external_h) | match(srcip=external_h, dstip=internal_h)) ## SET UP TRANSITION FUNCTIONS @transition def outgoing(self): self.case(is_true(V('timeout')), C(False)) self.case(occurred(self.event), self.event) @transition def timeout(self): self.case(occurred(self.event), self.event) self.default(C(False)) @transition def policy(self): self.case(is_true(V('timeout')), C(ih_prd)) self.case(is_true(V('outgoing')), C(identity)) self.default(C(ih_prd)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef(outgoing=FSMVar(type=BoolType(), init=False, trans=outgoing), timeout=FSMVar(type=BoolType(), init=False, trans=timeout), policy=FSMVar(type=Type(Policy, [identity, ih_prd]), init=ih_prd, trans=policy)) ### DEFINE QUERY CALLBACKS def q_callback(pkt): flow = frozendict(srcip=pkt['srcip'], dstip=pkt['dstip']) return fsm_pol.event_handler(Event('outgoing', True, flow)) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec, self.fsm_def) q = FwdBucket() q.register_callback(q_callback) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(sf, self).__init__(fsm_pol + (ih_prd >> q))
def __init__(self): ### DEFINE THE LPEC FUNCTION def lpec(f): return match(srcip=f['srcip']) ## SET UP TRANSITION FUNCTIONS @transition def R0(self): self.case(occurred(self.event), self.event) @transition def R1(self): self.case(occurred(self.event), self.event) @transition def R2(self): self.case(occurred(self.event), self.event) @transition def R3(self): self.case(occurred(self.event), self.event) @transition def R4(self): self.case(occurred(self.event), self.event) @transition def R5(self): self.case(occurred(self.event), self.event) @transition def infected(self): self.case(is_true(V('R1')) or is_true(V('R3')), C(True)) self.default(C(False)) @transition def policy(self): # If exempt, redirect to gardenwall. # - rewrite dstip to 10.0.0.3 # If infected, drop self.case(is_true(V('infected')), C(drop)) # Else, identity self.default(C(identity)) ### SET UP THE FSM DESCRIPTION self.fsm_def = FSMDef(R0=FSMVar(type=BoolType(), init=False, trans=R0), R1=FSMVar(type=BoolType(), init=False, trans=R1), R2=FSMVar(type=BoolType(), init=False, trans=R2), R3=FSMVar(type=BoolType(), init=False, trans=R3), R4=FSMVar(type=BoolType(), init=False, trans=R4), R5=FSMVar(type=BoolType(), init=False, trans=R5), infected=FSMVar(type=BoolType(), init=False, trans=infected), policy=FSMVar(type=Type(Policy, {drop, identity}), init=identity, trans=policy)) ### SET UP POLICY AND EVENT STREAMS fsm_pol = FSMPolicy(lpec, self.fsm_def) json_event = JSONEvent() json_event.register_callback(fsm_pol.event_handler) super(Firewall, self).__init__(fsm_pol)