def main():
not_allowed = none
# Copy the code you used to read firewall-policies.csv last week
with open(policy_file, 'r') as f:
for lines in f:
id, mac1, mac2 = lines.split(',')
if id.strip() != 'id':
not_allowed += match(srcmac=MAC(mac1.strip())) & match(dstmac=MAC(mac2.strip()))
not_allowed += match(srcmac=MAC(mac2.strip())) & match(dstmac=MAC(mac1.strip()))
'''
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
for <each pair of MAC address in firewall-policies.csv>:
not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = <...>
'''
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
# Read in the policies from the firewall-policies.csv file
def read_policies (file):
with open(file, 'r') as f:
reader = DictReader(f, delimiter = ",")
policies = {}
for row in reader:
policies[row['id']] = Policy(MAC(row['mac_0']), MAC(row['mac_1']))
return policies
policies = read_policies(policy_file)
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
# Note: this uses the same policy named tuple from the POX
# firewall code. Please refer there for further info
for policy in policies.itervalues():
not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = <...>
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
# Read in the policies from the firewall-policies.csv file
def read_policies (file):
with open(file, 'r') as f:
reader = DictReader(f, delimiter = ",")
policies = {}
for row in reader:
policies[row['id']] = Policy(MAC(row['mac_0']), MAC(row['mac_1']))
return policies
policies = read_policies(policy_file)
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
# Note: this uses the same policy named tuple from the POX
# firewall code. Please refer there for further info
for policy in policies.itervalues():
not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = <...>
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
mac_pair_dict = {}
# Copy the code you used to read firewall-policies.csv last week
ifile = open(policy_file, "rb")
reader = csv.reader(ifile)
rownum = 0
for row in reader:
# Save header row.
if rownum == 0:
header = row
else:
colnum = 0
for col in row:
#print '%-8s: %s' % (header[colnum], col)
colnum += 1
mac_pair_dict[row[1]] = row[2]
rownum += 1
ifile.close()
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
for key, value in mac_pair_dict.iteritems():
not_allowed = not_allowed + (match(srcmac=MAC(key), dstmac=MAC(value))) + (match(srcmac=MAC(value), dstmac=MAC(key)))
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
mac_pair_dict = {}
# Copy the code you used to read firewall-policies.csv last week
ifile = open(policy_file, "rb")
reader = csv.reader(ifile)
rownum = 0
for row in reader:
# Save header row.
if rownum == 0:
header = row
else:
colnum = 0
for col in row:
#print '%-8s: %s' % (header[colnum], col)
colnum += 1
mac_pair_dict[row[1]] = row[2]
rownum += 1
ifile.close()
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
for key, value in mac_pair_dict.iteritems():
not_allowed = not_allowed + (match(
srcmac=MAC(key), dstmac=MAC(value))) + (match(srcmac=MAC(value),
dstmac=MAC(key)))
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def act_like_firewall(self):
# start with a policy that doesn't match any packets
self.not_allowed = none
# Firewall (MAC pair version) rule table.
self.firewall_policy_table = {}
# Fill the firewall table with the contents from policyFile.
policyFile = open(policyFilePath)
policyLines = policyFile.readlines()
policyFile.close()
def is_number(s):
'''
Checks if s is a number or not.
'''
try:
float(s)
return True
except ValueError:
return False
for policyLine in policyLines:
# Skip the header line.
if not is_number(policyLine.split(',')[0]):
continue
# For now, we are just interested in DROPing packets that match
# the (mac_a, mac_b) pairs in policyFile.
entry = DROP
mac_a = MAC(policyLine.split(',')[1])
mac_b = MAC(policyLine.replace("\n", "").split(',')[2])
# Don't forget to use EthAddr() to turn the MAC address strings
# into proper structures for comparison with the PacketIn event
# attributes.
self.firewall_policy_table[(mac_a, mac_b)] = entry
# and add traffic that isn't allowed
for policy in self.firewall_policy_table:
self.not_allowed = self.not_allowed + match(
srcmac=policy[0], dstmac=policy[1]) + match(srcmac=policy[1],
dstmac=policy[0])
# express allowed traffic in terms of not_allowed - hint use '~'
self.allowed = ~self.not_allowed
# update the policy
self.policy = (self.allowed >> act_like_switch())
print self.policy
def act_like_firewall(self):
# start with a policy that doesn't match any packets
self.not_allowed = none
# Firewall (MAC pair version) rule table.
self.firewall_policy_table = {}
# Fill the firewall table with the contents from policyFile.
policyFile = open(policyFilePath)
policyLines = policyFile.readlines()
policyFile.close()
def is_number(s):
'''
Checks if s is a number or not.
'''
try:
float(s)
return True
except ValueError:
return False
for policyLine in policyLines:
# Skip the header line.
if not is_number(policyLine.split(',')[0]):
continue
# For now, we are just interested in DROPing packets that match
# the (mac_a, mac_b) pairs in policyFile.
entry = DROP
mac_a = MAC(policyLine.split(',')[1])
mac_b = MAC(policyLine.replace("\n","").split(',')[2])
# Don't forget to use EthAddr() to turn the MAC address strings
# into proper structures for comparison with the PacketIn event
# attributes.
self.firewall_policy_table[(mac_a, mac_b)] = entry
# and add traffic that isn't allowed
for policy in self.firewall_policy_table:
self.not_allowed = self.not_allowed + match(srcmac=policy[0], dstmac=policy[1]) + match(srcmac=policy[1], dstmac=policy[0])
# express allowed traffic in terms of not_allowed - hint use '~'
self.allowed = ~self.not_allowed
# update the policy
self.policy = (self.allowed >> act_like_switch())
print self.policy
def main():
# Copy the code you used to read firewall-policies.csv last week
csv_file = csv.DictReader(open(policy_file, 'rb'), delimiter=',', quotechar='"')
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
for line in csv_file:
not_allowed = not_allowed + match(srcmac=MAC(line['mac_0']),dstmac=MAC(line['mac_1'])) + match(srcmac=MAC(line['mac_1']),dstmac=MAC(line['mac_0']))
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
reader = csv.reader(open(policy_file, 'r'))
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
for i in reader:
not_allowed = not_allowed + (match(srcmac=MAC(i['mac_0']))
& match(dstmac=MAC(i['mac_1'])))
+(match(srcmac=MAC(i['mac_1'])) & match(dstmac=MAC(i['mac_0'])))
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
# start with a policy that doesn't match any packets
not_allowed = none
# and sdd traffic that isn't allowed
with open(policy_file, "r") as csvfile:
dictreader = DictReader(csvfile)
for d in dictreader:
not_allowed = not_allowed +
(match(srcmac=MAC(d['mac_0']))&match(dstmac=MAC(d['mac_1']))) +
(match(srcmac=MAC(d['mac_1']))&match(dstmac=MAC(d['mac_0'])))
#express allowed traffic in terms of not_allowed - hint use'~'
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed>>act_like_switch()
def main():
# start with a policy that doesn't match any packets
not_allowed = none
# read data from policy file
with open(policy_file, "r") as policy_content:
dictReader = csv.DictReader(policy_content)
# add the forbidden policy and not allow the two side communication
for d in dictReader:
not_allowed = not_allowed + (match(srcmac=MAC(d['mac_0'])) & match(
dstmac=MAC(d['mac_1']))) + (match(srcmac=MAC(d['mac_1']))
& match(d=MAC(count['mac_0'])))
# add the allowed rules
allowed = ~not_allowed
# print allowed
print allowed
# regard the allowed switch input as the act_like_switch of pyretic_switch
return allowed >> act_like_switch()
def main():
rules = []
with open(policy_file, 'r') as f:
for line in f:
try:
rule = line.strip().split(',')
if rule[0] != 'id':
rules.append((MAC(rule[1]), MAC(rule[2])))
except:
pass
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
for mac_0, mac_1 in rules:
not_allowed = not_allowed + match(srcmac=mac_0,dstmac=mac_1) + match(srcmac=mac_1,dstmac=mac_0)
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
rules = []
with open(policy_file, 'r') as f:
for line in f:
try:
rule = line.strip().split(',')
if rule[0] != 'id':
rules.append((MAC(rule[1]), MAC(rule[2])))
except:
pass
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
for mac_0, mac_1 in rules:
not_allowed = not_allowed + match(srcmac=mac_0, dstmac=mac_1) + match(
srcmac=mac_1, dstmac=mac_0)
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
# for <each pair of MAC address in firewall-policies.csv>:
# not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )
with open(policy_file) as f:
line = f.readline()
print line
line = f.readline().strip()
while line:
print("policy: {}".format(line))
num, smac, dmac = line.split(',')
rule1 = match(srcmac=MAC(smac)) & match(dstmac=MAC(dmac))
rule2 = match(dstmac=MAC(smac)) & match(srcmac=MAC(dmac))
not_allowed = not_allowed + rule1 + rule2
line = f.readline().strip()
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
# read firewall-policies.csv
csvfile = file(policy_file, 'rb')
reader = csv.reader(csvfile)
#start with a policy that doesn't match any packets
not_allowed = none
for line in reader:
if not (line[1] == 'mac_0'):
#and add traffic that isn't allowed
not_allowed = not_allowed + (match(
srcmac=MAC(line[1]), dstmac=MAC(line[2]))) + (match(
srcmac=MAC(line[2]), dstmac=MAC(line[1])))
csvfile.close()
print not_allowed
# express allowed traffic in terms of not_allowed - hint use '~'.....
allowed = ~not_allowed
print allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main():
# Copy the code you used to read firewall-policies.csv last week
# Read lines from CSV file
with open(policy_file) as csvfile:
macFilter = csv.DictReader(csvfile)
# start with a policy that doesn't match any packets
not_allowed = none
# and add traffic that isn't allowed
# for <each pair of MAC address in firewall-policies.csv>:
for row in macFilter:
print row['mac_0']
not_allowed = not_allowed + ( match(srcmac=MAC(row['mac_0'])) & match(dstmac=MAC(row['mac_1']))) + ( match(srcmac=MAC(row['mac_1'])) & match(dstmac=MAC(row['mac_0'])) )
# not_allowed = not_allowed + match(srcmac=MAC(row['mac_0']))
# express allowed traffic in terms of not_allowed - hint use '~'
allowed = ~not_allowed
print allowed
# and only send allowed traffic to the mac learning (act_like_switch) logic
return allowed >> act_like_switch()
def main(): return ( firewall() >> act_like_switch())