def __init__(self):
# Garden Wall
def redirectToGardenWall():
client_ips = [IP('10.0.0.1'), IP('10.0.0.2')]
rewrite_policy = rewriteDstIPAndMAC(client_ips, '10.0.0.3')
return rewrite_policy
### DEFINE THE LPEC FUNCTION
def lpec(f):
# Your logic here
# return match =
return match(srcip=f['srcip'])
## SET UP TRANSITION FUNCTIONS
@transition
def exempt(self):
self.case(occurred(self.event), self.event)
@transition
def infected(self):
self.case(occurred(self.event), self.event)
@transition
def policy(self):
# If exempt, redirect to gardenwall.
# - rewrite dstip to 10.0.0.3
self.case(test_and_true(V('exempt'), V('infected')),
C(redirectToGardenWall()))
# If infected, drop
# Your logic here
# self.case ()
self.case(is_true(V('infected')), C(drop))
# Else, identity
self.default(C(identity))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
infected=FSMVar(type=BoolType(), init=False, trans=infected),
# Your logic here
# exempt =
# policy =
exempt=FSMVar(type=BoolType(), init=False, trans=exempt),
policy=FSMVar(type=Type(Policy,
{redirectToGardenWall(), drop, identity}),
init=identity,
trans=policy))
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(gardenwall, self).__init__(fsm_pol)
def __init__(self):
### 1. DEFINE THE LPEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'])
### 2. SET UP TRANSITION FUNCTIONS
@transition
def counter(self):
for i in range(Monitor1.m):
self.case(V('counter')==C(i),C(i+1))
self.default(C(0))
@transition
def infected(self):
self.case(is_true((V('counter')>C(Monitor1.v2)) & (V('counter')<=C(Monitor1.m))), C(True))
self.default(C(False))
@transition
def policy(self):
# If "infected" is True, change policy to "drop"
self.case(is_true(V('infected')),C(drop))
# Default policy is "indentity", which is "allow".
self.default(C(identity))
### 3. SET UP THE FSM DESCRIPTION
self.fsm_def =FSMDef(
counter=FSMVar(type=Type(int,set(Monitor1.rates)),init=0,trans=counter),
infected=FSMVar(type=BoolType(),init=False, trans=infected),
policy=FSMVar(type=Type(Policy,{drop,identity}),
init=identity,
trans=policy))
### 4. SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(Monitor1,self).__init__(fsm_pol)
def __init__(self):
### DEFINE THE LPEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'])
## SET UP TRANSITION FUNCTIONS
@transition
def authenticated(self):
self.case(occurred(self.event), self.event)
@transition
def policy(self):
self.case(is_true(V('authenticated')), C(identity))
self.default(C(drop))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(authenticated=FSMVar(type=BoolType(),
init=False,
trans=authenticated),
policy=FSMVar(type=Type(Policy,
{drop, identity}),
init=drop,
trans=policy))
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(auth_only, self).__init__(fsm_pol)
def __init__(self):
### DEFINE THE LPEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'])
## SET UP TRANSITION FUNCTIONS
@transition
def authenticated(self):
self.case(occurred(self.event),self.event)
@transition
def policy(self):
self.case(is_true(V('authenticated')),C(identity))
self.default(C(drop))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
authenticated=FSMVar(type=BoolType(),
init=False,
trans=authenticated),
policy=FSMVar(type=Type(Policy,{drop,identity}),
init=drop,
trans=policy))
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(auth,self).__init__(fsm_pol)
def __init__(self):
# Garden Wall
def redirectToGardenWall():
client_ips = [IP('10.0.0.1'), IP('10.0.0.2')]
rewrite_policy = rewriteDstIPAndMAC(client_ips, '10.0.0.3')
return rewrite_policy
### DEFINE THE LPEC FUNCTION
def lpec(f):
# Your logic here
return match(srcip=f['srcip'])
## SET UP TRANSITION FUNCTIONS
@transition
def exempt(self):
self.case(occurred(self.event),self.event)
@transition
def infected(self):
self.case(occurred(self.event),self.event)
@transition
def policy(self):
# If exempt, redirect to gardenwall.
# - rewrite dstip to 10.0.0.3
self.case(test_and_true(V('exempt'),V('infected')), C(redirectToGardenWall()))
# If infected, drop
# Your logic here
self.case(is_true(V('infected')),C(drop))
# Else, identity
self.default(C(identity))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
infected=FSMVar(type=BoolType(),
init=False,
trans=infected),
# Your logic here
exempt=FSMVar(type=BoolType(),
init=False,
trans=exempt),
policy=FSMVar(type=Type(Policy,{drop,identity,redirectToGardenWall()}),
init=identity,
trans=policy)
)
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(gardenwall,self).__init__(fsm_pol)
def __init__(self):
# List of servers
vm_prov.serverList = ['10.0.0.3','10.0.0.4','10.0.0.5','10.0.0.6','10.0.0.7','10.0.0.8']
# Choose randomly
def fwdToThisServer(which_srv):
client_ips = [IP('10.0.0.1'), IP('10.0.0.2')]
if which_srv > -1 and which_srv < len(vm_prov.serverList):
server_ip_str = self.serverList[which_srv]
else:
server_ip_str = '10.0.0.3' # default
rewrite_policy = rewriteDstIPAndMAC_Public(client_ips, '10.0.0.100', server_ip_str)
return rewrite_policy
### DEFINE THE LPEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'],dstip=f['dstip'])
## SET UP TRANSITION FUNCTIONS
@transition
def load(self):
self.case(occurred(self.event),self.event)
@transition
def policy(self):
lightLoad = NonDetermPolicy([fwdToThisServer(i) for i in range(1)])
mediumLoad = NonDetermPolicy([fwdToThisServer(i) for i in range(len(vm_prov.serverList)/2)])
heavyLoad = NonDetermPolicy([fwdToThisServer(i+1) for i in range(len(vm_prov.serverList)-1)])
self.case((V('load')==C(1)) , C(lightLoad))
self.case((V('load')==C(2)) , C(mediumLoad))
self.case((V('load')==C(3)) , C(heavyLoad))
# Else, to primary
self.default(C(fwdToThisServer(0)))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
load=FSMVar(type=Type(int,{1,2,3}),
init=1,
trans=load),
policy=FSMVar(type=Type(Policy,set([fwdToThisServer(i) for i in range(len(vm_prov.serverList))])),
init=fwdToThisServer(0),
trans=policy))
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(vm_prov,self).__init__(fsm_pol)
def __init__(self):
### DEFINE INTERNAL METHODS
rates = [1,2,3]
def interswitch():
return if_(match(inport=2),fwd(1),fwd(2))
def routing():
match_inter = union([match(switch=2),match(switch=3),match(switch=4)])
match_inport = union([match(inport=2),match(inport=3),match(inport=4)])
r = if_(match_inter,interswitch(), if_(match_inport, fwd(1), drop))
return r
def rate_limit_policy(i):
match_from_edge = (union([match(switch=1),match(switch=5)]) & match(inport=1))
return if_(match_from_edge, fwd(i), routing())
### DEFINE THE LPEC FUNCTION
def lpec(f):
h1 = f['srcip']
h2 = f['dstip']
return union([match(srcip=h1,dstip=h2),match(srcip=h2,dstip=h1)] )
### SET UP TRANSITION FUNCTIONS
@transition
def rate(self):
self.case(occurred(self.event),self.event)
@transition
def policy(self):
for i in rates:
self.case(V('rate')==C(i), C(rate_limit_policy(i+1)))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
rate=FSMVar(type=Type(int,set(rates)),
init=1,
trans=rate),
policy=FSMVar(type=Type(Policy,set([rate_limit_policy(i+1) for i in rates ])),
init=rate_limit_policy(2),
trans=policy))
# Instantiate FSMPolicy, start/register JSON handler.
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(rate_limiter,self).__init__(fsm_pol)
def __init__(self):
super(pyretic_gardenwall,self).__init__()
# JSON event listener
json_event = JSONEvent()
json_event.register_callback(self.event_handler)
# flow--state map
self.flow_state_map = {}
self.policy = passthrough
def __init__(self):
super(pyretic_gardenwall, self).__init__()
# JSON event listener
json_event = JSONEvent()
json_event.register_callback(self.event_handler)
# flow--state map
self.flow_state_map = {}
self.policy = passthrough
def __init__ (self):
self.listenTo(core.openflow)
# JSON event listener
json_event = JSONEvent()
json_event.register_callback(self.event_handler)
# The Switch
self.eventSwitch = None
# flow--state map
self.flow_state_map = {}
log.debug("Enabling Firewall Module")
def __init__(self):
self.listenTo(core.openflow)
# JSON event listener
json_event = JSONEvent()
json_event.register_callback(self.event_handler)
# The Switch
self.eventSwitch = None
# flow--state map
self.flow_state_map = {}
log.debug("Enabling Firewall Module")
def __init__(self):
### 1. DEFINE THE LPEC FUNCTION
def lpec(f):
# Packets with same source IP
# will have a same "state" (thus, same policy applied).
return match(srcip=f['srcip'])
### 2. SET UP TRANSITION FUNCTIONS
@transition
def infected(self):
# Return the variable's own value.
# If True, return True. If False, return False.
self.case(occurred(self.event),self.event)
@transition
def policy(self):
# If "infected" is True, change policy to "drop"
self.case(is_true(V('infected')),C(drop))
# Default policy is "indentity", which is "allow".
self.default(C(identity))
### 3. SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
infected=FSMVar(type=BoolType(),
init=False,
trans=infected),
policy=FSMVar(type=Type(Policy,{drop,identity}),
init=identity,
trans=policy))
### 4. SET UP POLICY AND EVENT STREAMS
### This part pretty much remains same for any application
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
### This part pretty much remains same for any application
# Specify application class name here. (e.g., "ids")
super(ids,self).__init__(fsm_pol)
def __init__(self):
### 1. DEFINE THE LPEC FUNCTION
def lpec(f):
# Packets with same source IP
# will have a same "state" (thus, same policy applied).
return match(srcip=f['srcip'])
### 2. SET UP TRANSITION FUNCTIONS
@transition
def infected(self):
# Return the variable's own value.
# If True, return True. If False, return False.
self.case(occurred(self.event),self.event)
@transition
def policy(self):
# If "infected" is True, change policy to "drop"
self.case(is_true(V('infected')),C(drop))
# Default policy is "indentity", which is "allow".
self.default(C(identity))
### 3. SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
infected=FSMVar(type=BoolType(),
init=False,
trans=infected),
policy=FSMVar(type=Type(Policy,{drop,identity}),
init=identity,
trans=policy))
### 4. SET UP POLICY AND EVENT STREAMS
### This part pretty much remains same for any application
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
### This part pretty much remains same for any application
# Specify application class name here. (e.g., "ids")
super(ids_only,self).__init__(fsm_pol)
def lpec(f):
# Your logic here
# return match =
## SET UP TRANSITION FUNCTIONS
@transition
def exempt(self):
self.case(occurred(self.event),self.event)
@transition
def infected(self):
self.case(occurred(self.event),self.event)
@transition
def policy(self):
# If exempt, redirect to gardenwall.
# - rewrite dstip to 10.0.0.3
self.case(test_and_true(V('exempt'),V('infected')), C(redirectToGardenWall()))
# If infected, drop
# Your logic here
# self.case ()
# Else, identity
self.default(C(identity))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
infected=FSMVar(type=BoolType(),
init=False,
trans=infected),
# Your logic here
# exempt =
# policy =
)
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(gardenwall,self).__init__(fsm_pol)
def __init__(self):
v1 = 2
v2 = 7
m = 10
rates = [0, v1, v2, m]
counter = 0
### 1. DEFINE THE LPEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'])
### 2. SET UP TRANSITION FUNCTIONS
@transition
def counter(self):
self.counter += 1
self.case(occured(self.event), self.event)
@transition
def policy(self):
# If "infected" is True, change policy to "drop"
if ((is_true(V(counter) >= rates[2])
and is_true(V(counter) < rates[3]))):
self.case((is_true(V(counter) >= rates[2])
and is_true(V(counter) < rates[3])), C(drop))
# Default policy is "indentity", which is "allow".
self.default(C(identity))
### 3. SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(counter=FSMVar(type=int(),
init=counter,
trans=counter),
policy=FSMVar(type=Type(Policy,
{drop, identity}),
init=identity,
trans=policy))
### 4. SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(Monitor1, self).__init__(fsm_pol)
def __init__(self):
self.q = count_bytes(1, ['srcip', 'dstip'])
self.set_rate_2 = False
self.set_rate_3 = False
def packet_count_printer(counts):
print '==== Count Bytes===='
print str(counts) + '\n'
for m in counts:
idx = str(m).find('srcip')
idx2 = str(m).find('dstip')
sip = str(m)[idx:idx2].lstrip("srcip', ").rstrip(") ('")
dip = str(m)[idx2:].lstrip("dstip', ").rstrip(")")
if counts[m] > BYTES_FOR_RATE2 and BYTES_FOR_RATE3 > counts[
m] and self.set_rate_2 is False:
cmd = BASE_CMD + ' 2 --flow="{srcip=' + sip + ',dstip=' + dip + '}" -a 127.0.0.1 -p 50001'
p1 = subprocess.Popen([cmd], shell=True)
p1.communicate()
self.set_rate_2 = True
elif counts[m] > BYTES_FOR_RATE3 and self.set_rate_3 is False:
cmd = BASE_CMD + ' 3 --flow="{srcip=' + sip + ',dstip=' + dip + '}" -a 127.0.0.1 -p 50001'
p1 = subprocess.Popen([cmd], shell=True)
p1.communicate()
self.set_rate_3 = True
def monitoring():
return self.q + passthrough
### DEFINE THE LPEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'])
## SET UP TRANSITION FUNCTIONS
@transition
def mon(self):
self.case(occurred(self.event), self.event)
@transition
def policy_trans(self):
self.case(is_true(V('monitor')), C(monitoring()))
self.default(C(identity))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(monitor=FSMVar(type=BoolType(),
init=False,
trans=mon),
policy=FSMVar(type=Type(
Policy, set([identity,
monitoring()])),
init=monitoring(),
trans=policy_trans))
### Set up monitoring
self.q.register_callback(packet_count_printer)
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(monitor, self).__init__(fsm_pol)
def __init__(self):
self.q = count_bytes(1,['srcip','dstip'])
self.set_rate_2 = False
self.set_rate_3 = False
def packet_count_printer(counts):
print '==== Count Bytes===='
print str(counts) + '\n'
for m in counts:
idx = str(m).find('srcip')
idx2 = str(m).find('dstip')
sip = str(m)[idx:idx2].lstrip("srcip', ").rstrip(") ('")
dip = str(m)[idx2:].lstrip("dstip', ").rstrip(")")
if counts[m] > BYTES_FOR_RATE2 and BYTES_FOR_RATE3 > counts[m] and self.set_rate_2 is False:
cmd = BASE_CMD + ' 2 --flow="{srcip=' + sip +',dstip='+dip+'}" -a 127.0.0.1 -p 50001'
p1 = subprocess.Popen([cmd], shell=True)
p1.communicate()
self.set_rate_2 = True
elif counts[m] > BYTES_FOR_RATE3 and self.set_rate_3 is False:
cmd = BASE_CMD + ' 3 --flow="{srcip=' + sip +',dstip='+dip+'}" -a 127.0.0.1 -p 50001'
p1 = subprocess.Popen([cmd], shell=True)
p1.communicate()
self.set_rate_3 = True
def monitoring():
return self.q + passthrough
### DEFINE THE LPEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'])
## SET UP TRANSITION FUNCTIONS
@transition
def mon(self):
self.case(occurred(self.event),self.event)
@transition
def policy_trans(self):
self.case(is_true(V('monitor')),C(monitoring()))
self.default(C(identity))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
monitor=FSMVar(type=BoolType(),
init=False,
trans=mon),
policy=FSMVar(type=Type(Policy,set([identity,monitoring()])),
init=monitoring(),
trans=policy_trans))
### Set up monitoring
self.q.register_callback(packet_count_printer)
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(monitor,self).__init__(fsm_pol)
def __init__(self):
# Server list.
self.servers = {
'10.0.0.3': '00:00:00:00:00:03',
'10.0.0.4': '00:00:00:00:00:04',
'10.0.0.5': '00:00:00:00:00:05'
}
# Randmoly choose a server from the list
def randomly_choose_server(servermap):
return server_i_policy(choice(servermap.keys()))
# Forward to i-th server
def server_i_policy(i):
ip_list = self.servers.keys()
ip_str = str(i)
mac_str = self.servers[ip_str]
public_ip = IP('10.0.0.100')
client_ips = [IP('10.0.0.1'), IP('10.0.0.2')]
receive_ip = [IP(ip_str)] * len(client_ips)
rewrite_ip_policy = rewrite(zip(client_ips, receive_ip), public_ip)
rewrite_mac_policy = if_(match(dstip=IP(ip_str), ethtype=2048),
modify(dstmac=MAC(mac_str)), passthrough)
return rewrite_ip_policy >> rewrite_mac_policy
# Rewrite IP address.
def rewrite(d, p):
return intersection([subs(c, r, p) for c, r in d])
# subroutine of rewrite()
def subs(c, r, p):
c_to_p = match(srcip=c, dstip=p)
r_to_c = match(srcip=r, dstip=c)
return ((c_to_p >> modify(dstip=r)) + (r_to_c >> modify(srcip=p)) +
(~r_to_c >> ~c_to_p))
### DEFINE THE FLEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'])
## SET UP TRANSITION FUNCTIONS
@transition
def server(self):
self.case(occurred(self.event), self.event)
@transition
def policy(self):
self.servers = {
'10.0.0.3': '00:00:00:00:00:03',
'10.0.0.4': '00:00:00:00:00:04',
'10.0.0.5': '00:00:00:00:00:05'
}
self.case(is_true(V('server')),
C(randomly_choose_server(self.servers)))
self.default(C(server_i_policy(self.servers.keys()[1])))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
server=FSMVar(type=BoolType(), init=False, trans=server),
policy=FSMVar(type=Type(
Policy, set([server_i_policy(i) for i in self.servers])),
init=server_i_policy(choice(self.servers.keys())),
trans=policy))
# Instantiate FSMPolicy, start/register JSON handler.
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(serverlb, self).__init__(fsm_pol)
def __init__(self):
### 1. DEFINE THE LPEC FUNCTION
def lpec(f):
# Packets with same source IP
# will have a same "state" (thus, same policy applied).
h1=f['srcip']
h2=f['dstip']
return ( match (srcip=h1 , dstip=h2 ) | match (srcip =h2 , dstip=h1 ) )
### 2. SET UP TRANSITION FUNCTIONS
@transition
def R0(self):
self.case(occurred(self.event),self.event)
def R1(self):
if(h1==A and port = '2222'):
self.case(is_true(V('!R1')),C(True))
else:
self.default(C(False))
def R2(self):
if(h1==A and h2==F):
self.case(is_true(V('!R2')),C(True))
else:
self.default(C(False))
def R3(self):
if(h1==A and h2==D):
self.case(is_true(V('!R3')),C(True))
else:
self.default(C(False))
def R4(self):
if(h1==A):
self.case(is_true(V('!R4')),C(True))
else:
self.default(C(False))
@transition
def policy(self):
# If "infected" is True, change policy to "drop"
if('R4'):
self.case(is_true(V('R4')),C(drop))
elif('R3'):
self.case(is_true(V('R3')),C(drop))
self.default(C(fwd()))
# Default policy is "indentity", which is "allow".
self.default(C(identity))
self.fsm_def =FSMDef(
R0=FSMVar(type=BoolType(),inti=True,Trans=R0),
R1=FSMVar(type=BoolType(),init=False,Trans=R1),
R2=FSMVar(type=BoolType(),init=False,Trans=R2),
R3=FSMVar(type=BoolType(),init=False,Trans=R3),
R4=FSMVar(type=BoolType(),init=False,Trans=R4),
policy=FSMVar(type=Type(policy,{drop,fwd()}),
init=fwd(),
trans=policy))
### 4. SET UP POLICY AND EVENT STREAMS
### This part pretty much remains same for any application
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
def __init__(self):
### DEFINE INTERNAL METHODS
self.links = [1,2,3]
def interswitch():
return if_(match(inport=2),fwd(1),fwd(2))
def routing():
match_inter = union([match(switch=2),match(switch=3),match(switch=4)])
match_inport = union([match(inport=2),match(inport=3),match(inport=4)])
r = if_(match_inter,interswitch(), if_(match_inport, fwd(1), drop))
return r
def randomly_choose_link():
return traffic_lb_policy(choice(self.links)+1)
def traffic_lb_policy(i):
match_from_edge = (union([match(switch=1),match(switch=5)]) & match(inport=1))
return if_(match_from_edge, fwd(i), routing())
### DEFINE THE LPEC FUNCTION
def lpec(f):
h1 = f['srcip']
h2 = f['dstip']
return union([match(srcip=h1,dstip=h2),match(srcip=h2,dstip=h1)] )
### SET UP TRANSITION FUNCTIONS
@transition
def lb(self):
self.case(occurred(self.event),self.event)
@transition
def policy(self):
self.case(is_true(V('lb')),C(randomly_choose_link()))
self.default(C(traffic_lb_policy(2)))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
lb=FSMVar(type=BoolType(),
init=False,
trans=lb),
policy=FSMVar(type=Type(Policy,set([traffic_lb_policy(i+1) for i in self.links ])),
init=traffic_lb_policy(2),
trans=policy))
# Instantiate FSMPolicy, start/register JSON handler.
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(traffic_lb,self).__init__(fsm_pol)
def __init__(self):
### DEFINE INTERNAL METHODS
rates = [1, 2, 3]
def interswitch():
return if_(match(inport=2), fwd(1), fwd(2))
def routing():
match_inter = union(
[match(switch=2),
match(switch=3),
match(switch=4)])
match_inport = union(
[match(inport=2),
match(inport=3),
match(inport=4)])
r = if_(match_inter, interswitch(), if_(match_inport, fwd(1),
drop))
return r
def rate_limit_policy(i):
match_from_edge = (
union([match(switch=1), match(switch=5)]) & match(inport=1))
return if_(match_from_edge, fwd(i), routing())
### DEFINE THE LPEC FUNCTION
def lpec(f):
h1 = f['srcip']
h2 = f['dstip']
return union(
[match(srcip=h1, dstip=h2),
match(srcip=h2, dstip=h1)])
### SET UP TRANSITION FUNCTIONS
@transition
def rate(self):
self.case(occurred(self.event), self.event)
@transition
def policy(self):
for i in rates:
self.case(V('rate') == C(i), C(rate_limit_policy(i + 1)))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
rate=FSMVar(type=Type(int, set(rates)), init=1, trans=rate),
policy=FSMVar(type=Type(
Policy, set([rate_limit_policy(i + 1) for i in rates])),
init=rate_limit_policy(2),
trans=policy))
# Instantiate FSMPolicy, start/register JSON handler.
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(rate_limiter, self).__init__(fsm_pol)
def __init__(self):
### DEFINE INTERNAL METHODS
self.links = [1, 2, 3]
def interswitch():
return if_(match(inport=2), fwd(1), fwd(2))
def routing():
match_inter = union(
[match(switch=2),
match(switch=3),
match(switch=4)])
match_inport = union(
[match(inport=2),
match(inport=3),
match(inport=4)])
r = if_(match_inter, interswitch(), if_(match_inport, fwd(1),
drop))
return r
def randomly_choose_link():
return traffic_lb_policy(choice(self.links) + 1)
def traffic_lb_policy(i):
match_from_edge = (
union([match(switch=1), match(switch=5)]) & match(inport=1))
return if_(match_from_edge, fwd(i), routing())
### DEFINE THE LPEC FUNCTION
def lpec(f):
h1 = f['srcip']
h2 = f['dstip']
return union(
[match(srcip=h1, dstip=h2),
match(srcip=h2, dstip=h1)])
### SET UP TRANSITION FUNCTIONS
@transition
def lb(self):
self.case(occurred(self.event), self.event)
@transition
def policy(self):
self.case(is_true(V('lb')), C(randomly_choose_link()))
self.default(C(traffic_lb_policy(2)))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
lb=FSMVar(type=BoolType(), init=False, trans=lb),
policy=FSMVar(type=Type(
Policy, set([traffic_lb_policy(i + 1) for i in self.links])),
init=traffic_lb_policy(2),
trans=policy))
# Instantiate FSMPolicy, start/register JSON handler.
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(traffic_lb, self).__init__(fsm_pol)
def __init__(self):
# Garden Wall
def redirectToGardenWall():
client_ips = [IP('10.0.0.1'), IP('10.0.0.2')]
rewrite_policy = rewriteDstIPAndMAC(client_ips, '10.0.0.3')
return rewrite_policy
def rewriteDstIPAndMAC(client_ips, garden_ip_str):
garden_mac = MAC('00:00:00:00:00:03')
garden_ip = IP(garden_ip_str)
match_ip_policy = (union([match(dstip=client_ips[0]), match(dstip=client_ips[1])]))
change_ip_policy = (modify(dstip=garden_ip))
change_ip_success = (match(dstip=garden_ip))
change_mac_policy = (modify(dstmac=garden_mac))
# r = match_ip_policy
# r = change_ip_policy
# r = change_ip_success
return match_ip_policy >> change_ip_policy >> change_mac_policy
### DEFINE THE LPEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'])
## SET UP TRANSITION FUNCTIONS
@transition
def exempt(self):
self.case(occurred(self.event),self.event)
@transition
def infected(self):
self.case(occurred(self.event),self.event)
@transition
def policy(self):
# If exempt, redirect to gardenwall.
# - rewrite dstip to 10.0.0.3
self.case(test_and_true(V('exempt'),V('infected')), C(redirectToGardenWall()))
# If infected, drop
self.case(is_true(V('infected')), C(drop))
# Else, identity
self.default(C(identity))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
infected = FSMVar(type=BoolType(),
init=False,
trans=infected),
exempt = FSMVar(type = BoolType(),
init = False,
trans = exempt),
policy = FSMVar(type = Type(Policy, {redirectToGardenWall(), drop, identity}),
init = identity,
trans = policy)
)
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec,self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(gardenwall,self).__init__(fsm_pol)
def __init__(self):
# Server list.
self.servers = {
"10.0.0.3": "00:00:00:00:00:03",
"10.0.0.4": "00:00:00:00:00:04",
"10.0.0.5": "00:00:00:00:00:05",
}
# Randmoly choose a server from the list
def randomly_choose_server(servermap):
return server_i_policy(choice(servermap.keys()))
# Forward to i-th server
def server_i_policy(i):
ip_list = self.servers.keys()
ip_str = str(i)
mac_str = self.servers[ip_str]
public_ip = IP("10.0.0.100")
client_ips = [IP("10.0.0.1"), IP("10.0.0.2")]
receive_ip = [IP(ip_str)] * len(client_ips)
rewrite_ip_policy = rewrite(zip(client_ips, receive_ip), public_ip)
rewrite_mac_policy = if_(match(dstip=IP(ip_str), ethtype=2048), modify(dstmac=MAC(mac_str)), passthrough)
return rewrite_ip_policy >> rewrite_mac_policy
# Rewrite IP address.
def rewrite(d, p):
return intersection([subs(c, r, p) for c, r in d])
# subroutine of rewrite()
def subs(c, r, p):
c_to_p = match(srcip=c, dstip=p)
r_to_c = match(srcip=r, dstip=c)
return (c_to_p >> modify(dstip=r)) + (r_to_c >> modify(srcip=p)) + (~r_to_c >> ~c_to_p)
### DEFINE THE FLEC FUNCTION
def lpec(f):
return match(srcip=f["srcip"])
## SET UP TRANSITION FUNCTIONS
@transition
def server(self):
self.case(occurred(self.event), self.event)
@transition
def policy(self):
self.servers = {
"10.0.0.3": "00:00:00:00:00:03",
"10.0.0.4": "00:00:00:00:00:04",
"10.0.0.5": "00:00:00:00:00:05",
}
self.case(is_true(V("server")), C(randomly_choose_server(self.servers)))
self.default(C(server_i_policy(self.servers.keys()[1])))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(
server=FSMVar(type=BoolType(), init=False, trans=server),
policy=FSMVar(
type=Type(Policy, set([server_i_policy(i) for i in self.servers])),
init=server_i_policy(choice(self.servers.keys())),
trans=policy,
),
)
# Instantiate FSMPolicy, start/register JSON handler.
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(serverlb, self).__init__(fsm_pol)
def __init__(self, internal_hosts, ih_prd):
### DEFINE THE LPEC FUNCTION
def lpec(f):
hosts = list()
internal_h, external_h = None, None
hosts.append(f['srcip'])
hosts.append(f['dstip'])
for host in hosts:
if host in internal_hosts:
internal_h = host
else:
external_h = host
if internal_h is None or external_h is None:
return None
return (match(srcip=internal_h, dstip=external_h)
| match(srcip=external_h, dstip=internal_h))
## SET UP TRANSITION FUNCTIONS
@transition
def outgoing(self):
self.case(is_true(V('timeout')), C(False))
self.case(occurred(self.event), self.event)
@transition
def timeout(self):
self.case(occurred(self.event), self.event)
self.default(C(False))
@transition
def policy(self):
self.case(is_true(V('timeout')), C(ih_prd))
self.case(is_true(V('outgoing')), C(identity))
self.default(C(ih_prd))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(outgoing=FSMVar(type=BoolType(),
init=False,
trans=outgoing),
timeout=FSMVar(type=BoolType(),
init=False,
trans=timeout),
policy=FSMVar(type=Type(Policy,
[identity, ih_prd]),
init=ih_prd,
trans=policy))
### DEFINE QUERY CALLBACKS
def q_callback(pkt):
flow = frozendict(srcip=pkt['srcip'], dstip=pkt['dstip'])
return fsm_pol.event_handler(Event('outgoing', True, flow))
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec, self.fsm_def)
q = FwdBucket()
q.register_callback(q_callback)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(sf, self).__init__(fsm_pol + (ih_prd >> q))
def __init__(self):
### DEFINE THE LPEC FUNCTION
def lpec(f):
return match(srcip=f['srcip'])
## SET UP TRANSITION FUNCTIONS
@transition
def R0(self):
self.case(occurred(self.event), self.event)
@transition
def R1(self):
self.case(occurred(self.event), self.event)
@transition
def R2(self):
self.case(occurred(self.event), self.event)
@transition
def R3(self):
self.case(occurred(self.event), self.event)
@transition
def R4(self):
self.case(occurred(self.event), self.event)
@transition
def R5(self):
self.case(occurred(self.event), self.event)
@transition
def infected(self):
self.case(is_true(V('R1')) or is_true(V('R3')), C(True))
self.default(C(False))
@transition
def policy(self):
# If exempt, redirect to gardenwall.
# - rewrite dstip to 10.0.0.3
# If infected, drop
self.case(is_true(V('infected')), C(drop))
# Else, identity
self.default(C(identity))
### SET UP THE FSM DESCRIPTION
self.fsm_def = FSMDef(R0=FSMVar(type=BoolType(), init=False, trans=R0),
R1=FSMVar(type=BoolType(), init=False, trans=R1),
R2=FSMVar(type=BoolType(), init=False, trans=R2),
R3=FSMVar(type=BoolType(), init=False, trans=R3),
R4=FSMVar(type=BoolType(), init=False, trans=R4),
R5=FSMVar(type=BoolType(), init=False, trans=R5),
infected=FSMVar(type=BoolType(),
init=False,
trans=infected),
policy=FSMVar(type=Type(Policy,
{drop, identity}),
init=identity,
trans=policy))
### SET UP POLICY AND EVENT STREAMS
fsm_pol = FSMPolicy(lpec, self.fsm_def)
json_event = JSONEvent()
json_event.register_callback(fsm_pol.event_handler)
super(Firewall, self).__init__(fsm_pol)
