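def add_block_rule(self, rule_action, src_ip, dst_ip, trans_proto, port):
    """Install or remove a drop rule on each switch returned by get_switch().

    Args:
        rule_action: ``'add'`` installs the drop flow, ``'delete'`` removes it.
            Any other value raises ``ValueError`` instead of silently doing
            nothing, so a mistyped action cannot leave a gap in the firewall.
        src_ip: IPv4 source to match; ``''`` or ``None`` means any source.
        dst_ip: IPv4 destination to match; ``''`` or ``None`` means any
            destination.
        trans_proto: ``inet.IPPROTO_TCP`` or ``inet.IPPROTO_UDP``; only
            consulted when ``port`` is positive.
        port: destination transport port. ``0`` (or a negative value) means
            "no transport-layer narrowing": all IPv4 traffic between the
            given endpoints is blocked.

    Raises:
        ValueError: unknown ``rule_action``, or a positive ``port`` together
            with a ``trans_proto`` other than TCP/UDP (``tcp_dst``/``udp_dst``
            have an ``ip_proto`` prerequisite in OFPMatch, so such a flow
            could never be installed correctly).
    """
    if rule_action not in ('add', 'delete'):
        raise ValueError('unknown rule_action: %r' % (rule_action,))

    # The match fields do not depend on the switch, so build them once.
    match_dict = {'eth_type': ether.ETH_TYPE_IP}
    # port == 0 means "block all protocols" between the endpoints. The old
    # test was `port >= 0`, which turned that request into a tcp_dst=0 /
    # udp_dst=0 match - a rule that blocks practically nothing (fail-open).
    if port > 0:
        if trans_proto == inet.IPPROTO_TCP:
            match_dict['ip_proto'] = trans_proto
            match_dict['tcp_dst'] = port
        elif trans_proto == inet.IPPROTO_UDP:
            match_dict['ip_proto'] = trans_proto
            match_dict['udp_dst'] = port
        else:
            # Previously any non-TCP protocol was given a udp_dst field;
            # refuse explicitly rather than emit a flow that cannot match.
            raise ValueError(
                'port match requires TCP or UDP, got ip_proto %r' % (trans_proto,))
    # Empty string (or None) on either side means "any address".
    if src_ip:
        match_dict['ipv4_src'] = src_ip
    if dst_ip:
        match_dict['ipv4_dst'] = dst_ip

    # One priority for all switches: read the settings file once, not per switch.
    fw_priority = firewall_settings.load()['priority']

    for switch in get_switch(self.topology_api_app, None):
        datapath = switch.dp
        match = datapath.ofproto_parser.OFPMatch(**match_dict)
        if rule_action == 'add':
            actions = []  # an empty action list is an OpenFlow drop
            ofp_helper.add_flow(datapath, fw_priority, match, actions)
        else:  # 'delete'
            ofp_helper.del_flow(datapath, match, fw_priority)
        self._request_stats(datapath)  # refresh the cached blocking_rule list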
def _flow_stats_reply_handler(self, ev):
    """Rebuild the persisted ``blocking_rule`` list from a flow-stats reply.

    Every flow entry whose instruction list is empty is treated as a
    firewall drop rule and summarised as a dict with the keys ``srcIP``,
    ``dstIP``, ``tranPort`` and ``tranProtocol``. The last two are ``''``
    when the match is not narrowed to TCP or UDP.

    NOTE(review): the stored list is replaced wholesale with the flows of
    the datapath that sent *ev* - presumably one reply per switch. Confirm
    that all switches carry identical rules; otherwise the saved list
    reflects whichever reply was processed last.
    """
    settings = firewall_settings.load()
    rules = []
    for stat in ev.msg.body:
        if stat.instructions != []:
            continue  # has instructions, so not a drop rule
        match = stat.match
        proto = match.get('ip_proto')
        if proto == inet.IPPROTO_TCP:
            port, proto_name = match.get('tcp_dst'), 'TCP'
        elif proto == inet.IPPROTO_UDP:
            port, proto_name = match.get('udp_dst'), 'UDP'
        else:
            port, proto_name = '', ''
        rules.append({
            'srcIP': match.get('ipv4_src'),
            'dstIP': match.get('ipv4_dst'),
            'tranPort': port,
            'tranProtocol': proto_name,
        })
    settings['blocking_rule'] = rules
    firewall_settings.save(settings)
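def add_block_rule(self, rule_action, src_ip, dst_ip, trans_proto, port):
    """Install or remove a drop rule on each switch returned by get_switch().

    Args:
        rule_action: ``'add'`` installs the drop flow, ``'delete'`` removes it.
            Any other value raises ``ValueError`` instead of silently doing
            nothing, so a mistyped action cannot leave a gap in the firewall.
        src_ip: IPv4 source to match; ``''`` or ``None`` means any source.
        dst_ip: IPv4 destination to match; ``''`` or ``None`` means any
            destination.
        trans_proto: ``inet.IPPROTO_TCP`` or ``inet.IPPROTO_UDP``; only
            consulted when ``port`` is positive.
        port: destination transport port. ``0`` (or a negative value) means
            "no transport-layer narrowing": all IPv4 traffic between the
            given endpoints is blocked.

    Raises:
        ValueError: unknown ``rule_action``, or a positive ``port`` together
            with a ``trans_proto`` other than TCP/UDP (``tcp_dst``/``udp_dst``
            have an ``ip_proto`` prerequisite in OFPMatch, so such a flow
            could never be installed correctly).
    """
    if rule_action not in ('add', 'delete'):
        raise ValueError('unknown rule_action: %r' % (rule_action,))

    # The match fields do not depend on the switch, so build them once.
    match_dict = {'eth_type': ether.ETH_TYPE_IP}
    # port == 0 means "block all protocols" between the endpoints. The old
    # test was `port >= 0`, which turned that request into a tcp_dst=0 /
    # udp_dst=0 match - a rule that blocks practically nothing (fail-open).
    if port > 0:
        if trans_proto == inet.IPPROTO_TCP:
            match_dict['ip_proto'] = trans_proto
            match_dict['tcp_dst'] = port
        elif trans_proto == inet.IPPROTO_UDP:
            match_dict['ip_proto'] = trans_proto
            match_dict['udp_dst'] = port
        else:
            # Previously any non-TCP protocol was given a udp_dst field;
            # refuse explicitly rather than emit a flow that cannot match.
            raise ValueError(
                'port match requires TCP or UDP, got ip_proto %r' % (trans_proto,))
    # Empty string (or None) on either side means "any address".
    if src_ip:
        match_dict['ipv4_src'] = src_ip
    if dst_ip:
        match_dict['ipv4_dst'] = dst_ip

    # One priority for all switches: read the settings file once, not per switch.
    fw_priority = firewall_settings.load()['priority']

    for switch in get_switch(self.topology_api_app, None):
        datapath = switch.dp
        match = datapath.ofproto_parser.OFPMatch(**match_dict)
        if rule_action == 'add':
            actions = []  # an empty action list is an OpenFlow drop
            ofp_helper.add_flow(datapath, fw_priority, match, actions)
        else:  # 'delete'
            ofp_helper.del_flow(datapath, match, fw_priority)
        self._request_stats(datapath)  # refresh the cached blocking_rule list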
def get_block_list(self, req, **kwargs):
    """REST handler: return the persisted blocking rules as JSON.

    ``req`` (the WSGI request) and ``kwargs`` (route parameters) are not
    consulted. The body is ``{"blocking_rule": [...]}`` taken straight
    from the saved settings. The handler itself performs no authorization
    check; any access control must come from the surrounding WSGI layer.
    """
    rules = firewall_settings.load()['blocking_rule']
    payload = json.dumps({'blocking_rule': rules})
    return Response(status=200, content_type='application/json', body=payload)