def main():
    not_allowed = none
    # Copy the code you used to read firewall-policies.csv last week
    with open(policy_file, 'r') as f:
        for lines in f:
            id, mac1, mac2 = lines.split(',')
            if id.strip() != 'id':
                not_allowed += match(srcmac=MAC(mac1.strip())) & match(dstmac=MAC(mac2.strip()))
                not_allowed += match(srcmac=MAC(mac2.strip())) & match(dstmac=MAC(mac1.strip()))

    '''
    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed
    for <each pair of MAC address in firewall-policies.csv>:
        not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = <...>
    '''

    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
示例#2
0
def main():
    # Read in the policies from the firewall-policies.csv file
    def read_policies (file):
        with open(file, 'r') as f:
            reader = DictReader(f, delimiter = ",")
            policies = {}
            for row in reader:
                policies[row['id']] = Policy(MAC(row['mac_0']), MAC(row['mac_1']))
        return policies
    
    policies = read_policies(policy_file)

    # start with a policy that doesn't match any packets
    not_allowed = none

    # and add traffic that isn't allowed
    # Note: this uses the same policy named tuple from the POX
    # firewall code. Please refer there for further info
    for policy in policies.itervalues():
        not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = <...>

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
示例#3
0
def main():
    # Read in the policies from the firewall-policies.csv file
    def read_policies (file):
        with open(file, 'r') as f:
            reader = DictReader(f, delimiter = ",")
            policies = {}
            for row in reader:
                policies[row['id']] = Policy(MAC(row['mac_0']), MAC(row['mac_1']))
        return policies

    policies = read_policies(policy_file)

    # start with a policy that doesn't match any packets
    not_allowed = none

    # and add traffic that isn't allowed
    # Note: this uses the same policy named tuple from the POX
    # firewall code. Please refer there for further info
    for policy in policies.itervalues():
        not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = <...>

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
示例#4
0
def main():
    mac_pair_dict = {}
    # Copy the code you used to read firewall-policies.csv last week
    ifile  = open(policy_file, "rb")
    reader = csv.reader(ifile)
    rownum = 0
    for row in reader:
        # Save header row.
        if rownum == 0:
            header = row
        else:
            colnum = 0
            for col in row:
                #print '%-8s: %s' % (header[colnum], col)
                colnum += 1
            mac_pair_dict[row[1]] = row[2]
        rownum += 1
    ifile.close()

    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed
    for key, value in mac_pair_dict.iteritems():
        not_allowed = not_allowed + (match(srcmac=MAC(key), dstmac=MAC(value))) + (match(srcmac=MAC(value), dstmac=MAC(key)))

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
def main():
    mac_pair_dict = {}
    # Copy the code you used to read firewall-policies.csv last week
    ifile = open(policy_file, "rb")
    reader = csv.reader(ifile)
    rownum = 0
    for row in reader:
        # Save header row.
        if rownum == 0:
            header = row
        else:
            colnum = 0
            for col in row:
                #print '%-8s: %s' % (header[colnum], col)
                colnum += 1
            mac_pair_dict[row[1]] = row[2]
        rownum += 1
    ifile.close()

    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed
    for key, value in mac_pair_dict.iteritems():
        not_allowed = not_allowed + (match(
            srcmac=MAC(key), dstmac=MAC(value))) + (match(srcmac=MAC(value),
                                                          dstmac=MAC(key)))

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
def act_like_firewall(self):

    # start with a policy that doesn't match any packets
    self.not_allowed = none

    # Firewall (MAC pair version) rule table.
    self.firewall_policy_table = {}

    # Fill the firewall table with the contents from policyFile.
    policyFile = open(policyFilePath)
    policyLines = policyFile.readlines()
    policyFile.close()

    def is_number(s):
        '''
        Checks if s is a number or not.
        '''
        try:
            float(s)
            return True
        except ValueError:
            return False

    for policyLine in policyLines:

        # Skip the header line.
        if not is_number(policyLine.split(',')[0]):
            continue

        # For now, we are just interested in DROPing packets that match
        # the (mac_a, mac_b) pairs in policyFile.
        entry = DROP

        mac_a = MAC(policyLine.split(',')[1])
        mac_b = MAC(policyLine.replace("\n", "").split(',')[2])

        # Don't forget to use EthAddr() to turn the MAC address strings
        # into proper structures for comparison with the PacketIn event
        # attributes.
        self.firewall_policy_table[(mac_a, mac_b)] = entry

    # and add traffic that isn't allowed
    for policy in self.firewall_policy_table:
        self.not_allowed = self.not_allowed + match(
            srcmac=policy[0], dstmac=policy[1]) + match(srcmac=policy[1],
                                                        dstmac=policy[0])

    # express allowed traffic in terms of not_allowed - hint use '~'
    self.allowed = ~self.not_allowed

    # update the policy
    self.policy = (self.allowed >> act_like_switch())

    print self.policy
def act_like_firewall(self):

    # start with a policy that doesn't match any packets
    self.not_allowed = none

    # Firewall (MAC pair version) rule table.
    self.firewall_policy_table = {}

    # Fill the firewall table with the contents from policyFile.
    policyFile = open(policyFilePath)
    policyLines = policyFile.readlines()
    policyFile.close()

    def is_number(s):
        '''
        Checks if s is a number or not.
        '''
        try:
            float(s)
            return True
        except ValueError:
            return False

    for policyLine in policyLines:

        # Skip the header line.
        if not is_number(policyLine.split(',')[0]):
            continue

        # For now, we are just interested in DROPing packets that match 
        # the (mac_a, mac_b) pairs in policyFile.
        entry = DROP

        mac_a = MAC(policyLine.split(',')[1])
        mac_b = MAC(policyLine.replace("\n","").split(',')[2])

        # Don't forget to use EthAddr() to turn the MAC address strings 
        # into proper structures for comparison with the PacketIn event 
        # attributes.
        self.firewall_policy_table[(mac_a, mac_b)] = entry

    # and add traffic that isn't allowed
    for policy in self.firewall_policy_table:
        self.not_allowed = self.not_allowed + match(srcmac=policy[0], dstmac=policy[1]) + match(srcmac=policy[1], dstmac=policy[0])

    # express allowed traffic in terms of not_allowed - hint use '~'
    self.allowed = ~self.not_allowed

    # update the policy
    self.policy = (self.allowed >> act_like_switch())

    print self.policy
示例#8
0
def main():
    # Copy the code you used to read firewall-policies.csv last week
    csv_file = csv.DictReader(open(policy_file, 'rb'), delimiter=',', quotechar='"')

    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed
    for line in csv_file:
	not_allowed = not_allowed + match(srcmac=MAC(line['mac_0']),dstmac=MAC(line['mac_1'])) + match(srcmac=MAC(line['mac_1']),dstmac=MAC(line['mac_0'])) 

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return  allowed >> act_like_switch()
示例#9
0
def main():
    reader = csv.reader(open(policy_file, 'r'))
    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed
    for i in reader:
        not_allowed = not_allowed + (match(srcmac=MAC(i['mac_0']))
                                     & match(dstmac=MAC(i['mac_1'])))
        +(match(srcmac=MAC(i['mac_1'])) & match(dstmac=MAC(i['mac_0'])))

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
def main():
    # start with a policy that doesn't match any packets
    not_allowed = none
    # and sdd traffic that isn't allowed
    with open(policy_file, "r") as csvfile:
        dictreader = DictReader(csvfile)
        for d in dictreader:
            not_allowed = not_allowed + 
            (match(srcmac=MAC(d['mac_0']))&match(dstmac=MAC(d['mac_1']))) + 
            (match(srcmac=MAC(d['mac_1']))&match(dstmac=MAC(d['mac_0'])))
    
    #express allowed traffic in terms of not_allowed - hint use'~'
    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed>>act_like_switch()
def main():
    # start with a policy that doesn't match any packets
    not_allowed = none
    # read data from policy file
    with open(policy_file, "r") as policy_content:
        dictReader = csv.DictReader(policy_content)
        # add the forbidden policy and not allow the two side communication
        for d in dictReader:
            not_allowed = not_allowed + (match(srcmac=MAC(d['mac_0'])) & match(
                dstmac=MAC(d['mac_1']))) + (match(srcmac=MAC(d['mac_1']))
                                            & match(d=MAC(count['mac_0'])))
    # add the allowed rules
        allowed = ~not_allowed
        # print allowed
        print allowed
# regard the allowed switch input as the act_like_switch of pyretic_switch
    return allowed >> act_like_switch()
def main():
    rules = []
    with open(policy_file, 'r') as f:
        for line in f:
            try:
                rule = line.strip().split(',')
                if rule[0] != 'id':
                    rules.append((MAC(rule[1]), MAC(rule[2])))
            except:
                pass

    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed
    for mac_0, mac_1 in rules:
        not_allowed = not_allowed + match(srcmac=mac_0,dstmac=mac_1) + match(srcmac=mac_1,dstmac=mac_0)

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
示例#13
0
def main():
    rules = []
    with open(policy_file, 'r') as f:
        for line in f:
            try:
                rule = line.strip().split(',')
                if rule[0] != 'id':
                    rules.append((MAC(rule[1]), MAC(rule[2])))
            except:
                pass

    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed
    for mac_0, mac_1 in rules:
        not_allowed = not_allowed + match(srcmac=mac_0, dstmac=mac_1) + match(
            srcmac=mac_1, dstmac=mac_0)

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
def main():
    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed
    # for <each pair of MAC address in firewall-policies.csv>:
    #     not_allowed = not_allowed + ( <traffic going in one direction> ) + ( <traffic going in the other direction> )
    with open(policy_file) as f:
        line = f.readline()
        print line
        line = f.readline().strip()
        while line:
            print("policy: {}".format(line))
            num, smac, dmac = line.split(',')
            rule1 = match(srcmac=MAC(smac)) & match(dstmac=MAC(dmac))
            rule2 = match(dstmac=MAC(smac)) & match(srcmac=MAC(dmac))
            not_allowed = not_allowed + rule1 + rule2
            line = f.readline().strip()

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
示例#15
0
def main():
    # read firewall-policies.csv
    csvfile = file(policy_file, 'rb')
    reader = csv.reader(csvfile)
    #start with a policy that doesn't match any packets
    not_allowed = none

    for line in reader:

        if not (line[1] == 'mac_0'):
            #and add traffic that isn't allowed
            not_allowed = not_allowed + (match(
                srcmac=MAC(line[1]), dstmac=MAC(line[2]))) + (match(
                    srcmac=MAC(line[2]), dstmac=MAC(line[1])))

    csvfile.close()
    print not_allowed

    # express allowed traffic in terms of not_allowed - hint use '~'.....
    allowed = ~not_allowed
    print allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
示例#16
0
def main():
    # Copy the code you used to read firewall-policies.csv last week

    # Read lines from CSV file
    with open(policy_file) as csvfile:
        macFilter = csv.DictReader(csvfile)


    # start with a policy that doesn't match any packets
    	not_allowed = none

    # and add traffic that isn't allowed
    # for <each pair of MAC address in firewall-policies.csv>:
    	for row in macFilter:
		print row['mac_0']
        	not_allowed = not_allowed + ( match(srcmac=MAC(row['mac_0'])) & match(dstmac=MAC(row['mac_1'])))  + ( match(srcmac=MAC(row['mac_1'])) & match(dstmac=MAC(row['mac_0'])) )
		# not_allowed = not_allowed + match(srcmac=MAC(row['mac_0']))

    # express allowed traffic in terms of not_allowed - hint use '~'
    allowed = ~not_allowed
    print allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()
示例#17
0
def main():    
   return ( firewall() >> act_like_switch())