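def permit_ether_addr(self, eaddr):
    """Return True when *eaddr* is listed in the permitted-address table.

    Args:
        eaddr: Ethernet address in any form util.convert_to_eaddr accepts.

    Returns:
        True if the converted address is a key of self.st['permitted'];
        False when it is absent or when self.st is not initialised yet
        (reported on stdout rather than raised).
    """
    if not self.st:
        print("some object is not initialized yet")
        return False
    eaddr = util.convert_to_eaddr(eaddr)
    # Test membership on the dict itself: .keys() builds a list under
    # Python 2, turning the O(1) lookup into a linear scan.
    return eaddr in self.st['permitted']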
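def ws_whitelist_eth(request, args):
    """ Remove a mac address from filtering eap traffic.

    Args:
        request: the webservice request (handed to badRequest on error).
        args: mapping of request parameters; 'eaddr' is required.

    Returns:
        A bad-request response when 'eaddr' is missing, otherwise the
        JSON-encoded MAC blacklist status reported by the DHCP component.
    """
    eaddr = args.get('eaddr')
    if not eaddr:
        return webservice.badRequest(request, "missing eaddr")
    eaddr = util.convert_to_eaddr(eaddr)
    # The result of whitelist_mac_addr was bound to an unused local before;
    # only the status below is reported to the caller.
    Homework._dhcp.whitelist_mac_addr(eaddr)
    return json.dumps(Homework._dhcp.get_blacklist_mac_status())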
def handle_dns(self, dpid, inport, ofp_reason, total_frame_len, buffer_id, packet):
    """Packet-in handler for DNS queries.

    Returns STOP (packet dropped) when the source MAC is not permitted or
    when a question name is listed under that address in
    Homework.st['dnsList']. Otherwise installs a short-lived datapath flow
    forwarding the packet normally and returns CONTINUE; packets without a
    DNS header are logged and passed on with CONTINUE and no flow.

    NOTE(review): the installed flow matches the whole extracted flow, so
    later queries that hit it in the switch presumably bypass the
    per-name check here for the flow's lifetime (3/10 timeouts) -- confirm.
    """
    src_eaddr = util.convert_to_eaddr(packet.src)
    dns_hdr = packet.find('dns')

    if not self.permit_ether_addr(src_eaddr):
        print("Dropping DNS Packet - MAC Address not allowed")
        return STOP
    if not dns_hdr:
        print("Invalid DNS packet: %s %s" % (dns_hdr, packet))
        return CONTINUE
    print("DNS Packet: %s" % (dns_hdr,))

    dns_list = Homework.st['dnsList']
    blocked_names = dns_list[src_eaddr] if src_eaddr in dns_list else ()
    for question in dns_hdr.questions:
        if question.name in blocked_names:
            print("DNS Resquest blocked for %s" % (question.name,))
            return STOP

    forward_normal = [[openflow.OFPAT_OUTPUT, [-1, openflow.OFPP_NORMAL]]]
    Homework.install_datapath_flow(
        dpid, util.extract_flow(packet), 3, 10, forward_normal,
        buffer_id, openflow.OFP_DEFAULT_PRIORITY, inport, packet.arr)
    return CONTINUE
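def permit_dns(self, eaddr, hostname):
    """Return True when *hostname* is recorded under *eaddr* in st['dnsList'].

    NOTE(review): dns_deny() fills st['dnsList'] with names to block and
    handle_dns() drops matching queries, so True here means "listed", not
    "allowed" -- confirm the intended meaning of the name with callers.

    Args:
        eaddr: Ethernet address in any form util.convert_to_eaddr accepts.
        hostname: DNS name to look up.

    Returns:
        True if both lookups succeed; False otherwise, or when self.st is
        not initialised yet (reported on stdout rather than raised).
    """
    if not self.st:
        print("some object is not initialized yet")
        return False
    eaddr = util.convert_to_eaddr(eaddr)
    # Test membership on the containers themselves: dns_deny() stores a
    # set per address, which has no .keys() (the old call raised
    # AttributeError), and the dict lookup avoids building key lists.
    dns_list = self.st['dnsList']
    return eaddr in dns_list and hostname in dns_list[eaddr]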
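def status(eaddr=None):
    """ Permit/Deny status of specified/all addresses.

    A second definition of status() appears later in this file; at import
    time that later one replaces this function.

    Args:
        eaddr: optional Ethernet address. When omitted the whole permitted
            and denied tables are reported; otherwise only that address.

    Returns:
        JSON text: with no eaddr, {"permitted": [...], "denied": [...]}
        listing addresses as strings; with an eaddr, "permitted" or
        "denied".
    """
    if not eaddr:
        report = {
            "permitted": list(map(str, Homework.st['permitted'].keys())),
            "denied": list(map(str, Homework.st['denied'].keys())),
        }
        return json.dumps(report)
    eaddr = util.convert_to_eaddr(eaddr)
    # Look the address up in the permitted table; the old code compared it
    # against a local that was never bound on this path (NameError).
    result = "permitted" if eaddr in Homework.st['permitted'] else "denied"
    return json.dumps(result)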
def ws_blacklist_eth(request, args):
    """ Aggressive mac address exclusion at the level of wpa connectivity.

    Requires 'eaddr' in args (bad-request response otherwise). The address
    is removed from Homework.st['permitted'] if present, its DHCP lease is
    revoked and it is blacklisted with the DHCP component. Returns the
    DHCP blacklist status as JSON.
    """
    raw_eaddr = args.get('eaddr')
    if not raw_eaddr:
        return webservice.badRequest(request, "missing eaddr")
    target = util.convert_to_eaddr(raw_eaddr)

    permitted = Homework.st['permitted']
    if target in permitted:
        del permitted[target]

    dhcp = Homework._dhcp
    dhcp.revoke_mac_addr(target)
    dhcp.blacklist_mac_addr(target)
    return json.dumps(dhcp.get_blacklist_mac_status())
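def dns_permit(eaddr, hostname):
    """Remove *hostname* from the DNS block list kept for *eaddr*.

    Args:
        eaddr: Ethernet address (converted with util.convert_to_eaddr).
        hostname: name to stop blocking for that address.

    Returns:
        The JSON status report from status(), or None when either argument
        is missing/empty.
    """
    print("DNS PERMIT %s %s" % (eaddr, hostname))
    if not (eaddr and hostname):
        return
    eaddr = util.convert_to_eaddr(eaddr)
    # An address that never had a name denied has no entry; indexing it
    # directly raised KeyError, so only touch an existing set.
    names = Homework.st['dnsList'].get(eaddr)
    if names is not None:
        names.discard(hostname)
    return status()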
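def deny(eaddr, ipaddr=None):
    """ Deny tx/rx to/from a specified Ethernet address.

    Args:
        eaddr: Ethernet address to deny (converted with util.convert_to_eaddr).
        ipaddr: optional IP address; only used for the early-exit test and
            the log line -- no IP-level rule is installed here.

    Returns:
        The JSON status report from status(), or None when both arguments
        are missing/empty.
    """
    print("DENY %s %s" % (eaddr, ipaddr))
    if not (eaddr or ipaddr):
        return
    # NOTE(review): an ipaddr without an eaddr passes the guard above and
    # hands None to convert_to_eaddr -- confirm that is handled there.
    eaddr = util.convert_to_eaddr(eaddr)
    if eaddr in Homework.st['permitted']:
        del Homework.st['permitted'][eaddr]
    # revoke_mac_addr's return value was bound to an unused local before;
    # it is not part of the reported status.
    Homework._dhcp.revoke_mac_addr(eaddr)
    return status()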
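def status(eaddr=None):
    """ Permit/Deny status of specified/all addresses.

    This definition replaces the earlier status() in this file at import
    time.

    Args:
        eaddr: optional Ethernet address. When omitted the permitted table
            and the per-address DNS block lists are reported; otherwise
            only that address.

    Returns:
        JSON text: with no eaddr, {"permitted": [...], "dnsList": {...}}
        with addresses as strings and each block list as a list; with an
        eaddr, "permitted" or "denied".
    """
    if not eaddr:
        dns_list = {}
        for key, names in Homework.st['dnsList'].items():
            # Keys are address objects and values are sets; both need a
            # JSON-serialisable form.
            dns_list[str(key)] = list(names)
        report = {
            "permitted": list(map(str, Homework.st['permitted'].keys())),
            "dnsList": dns_list,
        }
        return json.dumps(report)
    eaddr = util.convert_to_eaddr(eaddr)
    # Look the address up in the permitted table; the old code compared it
    # against a local that was never bound on this path (NameError).
    result = "permitted" if eaddr in Homework.st['permitted'] else "denied"
    return json.dumps(result)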
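def dns_deny(eaddr, hostname):
    """Add *hostname* to the DNS block list kept for *eaddr*.

    handle_dns() drops DNS queries from *eaddr* whose question name is on
    this list. (The previous docstring was copied from deny().)

    Args:
        eaddr: Ethernet address (converted with util.convert_to_eaddr).
        hostname: name to block for that address.

    Returns:
        The JSON status report from status(), or None when either argument
        is missing/empty.
    """
    print("DENY %s %s" % (eaddr, hostname))
    if not (eaddr and hostname):
        return
    eaddr = util.convert_to_eaddr(eaddr)
    # Create the per-address set on first use, then record the name. The
    # old code also dumped the whole Homework.st table on stdout here.
    Homework.st['dnsList'].setdefault(eaddr, set()).add(hostname)
    return status()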
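def handle_dns_response(self, dpid, inport, ofp_reason, total_frame_len, buffer_id, packet):
    """Packet-in handler for DNS responses.

    Returns STOP (packet dropped) when the destination MAC is not
    permitted. Otherwise records each answer's rdata under the key
    "<name>:<rrtype>" in Homework.st['domains'], installs a short-lived
    datapath flow forwarding the packet normally and returns CONTINUE.
    Packets without a DNS header are logged and passed on with CONTINUE
    and no flow.

    The old body also printed dir(packet), packet.__dict__, dir(dnsh) and
    dnsh.__dict__ for every response; that debugger-level output is gone.
    """
    eaddr = util.convert_to_eaddr(packet.dst)
    dnsh = packet.find('dns')
    if not self.permit_ether_addr(eaddr):
        print("Dropping DNS Response Packet - MAC Address not allowed")
        return STOP
    if not dnsh:
        print("Invalid DNS Response packet: %s %s" % (dnsh, packet))
        return CONTINUE
    print("DNS Response packet: %s" % (dnsh,))

    domains = Homework.st['domains']
    for answer in dnsh.answers:
        # Use the symbolic record type when the dns module knows it,
        # otherwise the numeric value.
        if answer.qtype in dns.rrtype_to_str:
            rrtype = dns.rrtype_to_str[answer.qtype]
        else:
            rrtype = str(answer.qtype)
        domain = answer.name + ":" + rrtype
        domains.setdefault(domain, set()).add(str(answer.rddata))

    # NOTE(review): handle_dns() passes packet.arr as the last argument
    # while this handler passes dnsh.arr -- confirm which is intended.
    flow = util.extract_flow(packet)
    Homework.install_datapath_flow(
        dpid, flow, 3, 10,
        [[openflow.OFPAT_OUTPUT, [-1, openflow.OFPP_NORMAL]]],
        buffer_id, openflow.OFP_DEFAULT_PRIORITY, inport, dnsh.arr)
    return CONTINUE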
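def permit(eaddr, ipaddr=None):
    """ Permit tx/rx to/from a specified Ethernet address.

    Args:
        eaddr: Ethernet address to permit (converted with util.convert_to_eaddr).
        ipaddr: optional IP address. NOTE(review): when it is given nothing
            is recorded -- only the eaddr-only form updates st['permitted'];
            confirm whether that is intended.

    Returns:
        The JSON status report from status(), or None when both arguments
        are missing/empty.
    """
    print("PERMIT %s %s" % (eaddr, ipaddr))
    if not (eaddr or ipaddr):
        return
    # TODO: add the rule that forwards DNS requests for this address, and
    # install the permanent forward (DL_SRC=eaddr) and reverse
    # (DL_DST=eaddr, plus NW_DST=ipaddr when given) datapath flows on each
    # port in Homework.st['ports']. A draft of that flow installation sat
    # here as commented-out code and never ran; the pattern dict it used
    # was built on every call and then discarded.
    eaddr = util.convert_to_eaddr(eaddr)
    if not ipaddr:
        # The table is keyed by address only; the value is unused for now.
        Homework.st['permitted'][eaddr] = None
    return status()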