def main(config, mode, modrepeat=None):
# Open configuration file
try:
fd = open(config, 'r')
except IOError as err:
print 'IO Exception: ', err
sys.exit(1)
# Get mode, check validity
if mode != 'auto' and mode != 'manual':
print 'Wrong mode value. Exiting!'
sys.exit(1)
# Check test mode.
repeat = 0
if modrepeat is not None:
if modrepeat != 0:
repeat = modrepeat
# Read configuration file
content = fd.read()
fd.close()
# Parse configuration file
app_to_module_map, app_composition_str = parse_configuration_file(content, mode, repeat)
if len(app_to_module_map) == 0:
print 'Configuration file seems incorrect. Exiting.'
sys.exit(1)
# Run resonance
return dynamic(resonance)(app_to_module_map, app_composition_str) >> mac_learner() + ids_event()
def main():
public_ip = IP("10.0.0.100")
print("public ip address is %s." % public_ip)
client_ips = [
IP("10.0.0.4"),
IP("10.0.0.5"),
IP("10.0.0.6"),
IP("10.0.0.7"),
IP("10.0.0.8"),
IP("10.0.0.9"),
IP("10.0.0.10")
]
#server_ips = [IP("10.0.0.1"),IP("10.0.0.2"), IP("10.0.0.3")]
servers = [{
'ip': IP("10.0.0.1"),
'w': 3
}, {
'ip': IP("10.0.0.2"),
'w': 2
}, {
'ip': IP("10.0.0.3"),
'w': 1
}]
return (wrrlb(client_ips, servers, public_ip) >> mac_learner())
def main():
policy = sdx_policy()
return if_(ARP,
arp(policy.ip_mac_list),
if_(BGP,
identity,
policy
)
) >> mac_learner()
def main():
arp_policy = arp()
policy = sdx_policy(arp_policy)
return if_(ARP,
arp_policy,
if_(BGP,
identity,
policy
)
) >> mac_learner()
def main():
# GLOBALS #############################
up_switch = int("0x0000080027b1d7f1",16)
down_switch = int("0x00000800278507d5",16)
port_wan = 1
#default policy does not match anything
not_allowed = none
################# IP BLOCKERS ################
#read in the access policies and update them
with open(access_policies, 'r') as p_file:
reader = DictReader(p_file, delimiter = ",")
access_p = {}
for row in reader:
access_p[row['id']] = ACCESS_POLICY(row['src_mac'], row['dst_ip'], row['t_begin'], row['t_end'])
for policy in access_p.itervalues():
not_allowed = not_allowed | match(srcmac=MAC(policy.src_mac),dstip=IP(policy.dst_ip)) | match(srcip=IP(policy.dst_ip),dstmac=MAC(policy.src_mac))
#express allowed packets as the complement of not_allowed
allowed = ~not_allowed
############# PORT FORWARDS #################
portPolicy = drop
with open(access_configuration, 'r') as c_file:
reader = DictReader(c_file, delimiter = ",")
access_c = {}
for row in reader:
access_c[row['id']] = ACCESS_CONFIGURATION(row['mac'], row['tc'], row['port_down'], row['port_up'], row['home'])
portPolicy = PolicyManager(access_c, 1, len(access_c))
# for policy in access_c.itervalues():
# portPolicy = portPolicy + if_(match(srcmac=MAC(policy.mac),switch=down_switch),fwd(int(policy.port_down)),
# if_(match(dstmac=MAC(policy.mac),switch=up_switch),fwd(int(policy.port_up)),
# if_(match(srcmac=MAC(policy.mac),switch=up_switch),fwd(port_wan),
# if_(match(dstmac=MAC(policy.mac),switch=down_switch),fwd(int(policy.home)),drop))))
#portPolicy = if_(portPolicy, identity, drop)
############# FINAL POLICY ###############
#send only allowed packets to the double-switch architecture
return allowed >> portPolicy >> mac_learner()
def main():
pol = vm_prov()
# For NuSMV
smv_str = fsm_def_to_smv_model(pol.fsm_def)
mc = ModelChecker(smv_str,'vm_prov')
# If load is light, just forward to 1st server.
mc.add_spec("SPEC AG (load=1 -> AX policy=policy_1)")
# If load is medium, forward to 1st or 2nd server.
mc.add_spec("SPEC AG (load=2 -> AX (policy=policy_1 | policy=policy_2 | policy=policy_3) )")
# If load is high, it is possible to forward to 5th(last) server
mc.add_spec("SPEC AG (load=3 -> EX (policy=policy_5))")
# Save NuSMV file
mc.save_as_smv_file()
# Verify
mc.verify()
return pol >> mac_learner()
def main():
"""Handle ARPs, BGPs, SDX and then do MAC learning"""
sdx_policy = sdx()
print sdx_policy
return if_(ARP, arp(), if_(BGP, identity, sdx_policy)) >> mac_learner()