use of org.onosproject.net.flow.TrafficSelector in project ddosdn by ssulca.
the class Firewall method defAttack.
/**
 * Builds an IPv4 selector for a non-smurf attack alert and hands it to
 * {@code writeRule} so that a drop rule is written.
 *
 * <p>The selector always matches the alert's source and destination addresses
 * as /32 host prefixes. If the alert's signature id is one of the TCP flood /
 * Slowloris ids, the match is narrowed to TCP and the alerted destination
 * port. If it equals the UDP flood id, the match is narrowed to UDP and the
 * alerted destination port. Any other signature id leaves the match at
 * source/destination address only.
 *
 * <p>NOTE(review): the blocked source address is taken from the alerted
 * packet. Flood traffic frequently carries forged source addresses, so a rule
 * built here can end up dropping traffic of the host whose address was
 * forged. Whether rules expire or critical addresses are exempt depends on
 * {@code writeRule} and the caller, neither of which is visible here.
 *
 * @param devId set of devices on which the rule is to be written
 * @param alertpkt alert carrying the packet addresses, ports and signature id
 * @param alamrDescription description passed through to {@code writeRule}
 * @return the result of {@code writeRule}; per the original documentation,
 *         true if the rule was written on at least one device
 */
public boolean defAttack(Set<DeviceId> devId, Alertpkt alertpkt, String alamrDescription) {
    final IpPrefix srcHost = IpPrefix.valueOf(alertpkt.getPackageBin().getSourceIP() + "/32");
    final IpPrefix dstHost = IpPrefix.valueOf(alertpkt.getPackageBin().getDstIP() + "/32");
    final long sid = alertpkt.getEvent().getSigId();

    // Part of the match shared by every attack type: IPv4, host to host.
    final TrafficSelector.Builder match = DefaultTrafficSelector.builder()
            .matchEthType(Ethernet.TYPE_IPV4)
            .matchIPSrc(srcHost)
            .matchIPDst(dstHost);

    if (this.getSIDTCPFloodsAndSlowlorisAttack().contains(sid)) {
        // TCP floods and Slowloris: restrict the drop to the attacked TCP port.
        match.matchIPProtocol(IPv4.PROTOCOL_TCP)
                .matchTcpDst(TpPort.tpPort(alertpkt.getPackageBin().getTcp().getDestinationPort()));
    } else if (sid == this.getSIDUDPFloodAttack()) {
        // UDP flood: restrict the drop to the attacked UDP port.
        match.matchIPProtocol(IPv4.PROTOCOL_UDP)
                .matchUdpDst(TpPort.tpPort(alertpkt.getPackageBin().getUdp().getDestinationPort()));
    }

    // Write the drop rule.
    return writeRule(devId, match.build(), alamrDescription);
}
use of org.onosproject.net.flow.TrafficSelector in project ddosdn by ssulca.
the class Firewall method defSmurfAttack.
/**
 * Builds a selector for ICMP echo requests (type 8) between the given source
 * and destination addresses and hands it to {@code writeRule} so that a drop
 * rule is written. Used as the defence for smurf-type attacks.
 *
 * <p>Both addresses are turned into /32 host prefixes by appending
 * {@code "/32"}, so callers must pass bare IPv4 addresses without a mask.
 *
 * @param devId set of devices on which the rule is to be written
 * @param IPsrc source IP address to block
 * @param IPdst destination IP address (the broadcast address, per the
 *        original documentation)
 * @param description description passed through to {@code writeRule}
 * @return the result of {@code writeRule}; per the original documentation,
 *         true if the rule was written on at least one device
 */
public boolean defSmurfAttack(Set<DeviceId> devId, String IPsrc, String IPdst, String description) {
    final IpPrefix sourceHost = IpPrefix.valueOf(IPsrc + "/32");
    final IpPrefix destinationHost = IpPrefix.valueOf(IPdst + "/32");

    // Traffic selector: IPv4 / ICMP echo request between the two hosts.
    final TrafficSelector.Builder echoRequestMatch = DefaultTrafficSelector.builder();
    echoRequestMatch.matchEthType(Ethernet.TYPE_IPV4);
    echoRequestMatch.matchIPProtocol(IPv4.PROTOCOL_ICMP);
    echoRequestMatch.matchIcmpType(ICMP.TYPE_ECHO_REQUEST);
    echoRequestMatch.matchIPSrc(sourceHost);
    echoRequestMatch.matchIPDst(destinationHost);

    // Write the drop rule.
    return writeRule(devId, echoRequestMatch.build(), description);
}
use of org.onosproject.net.flow.TrafficSelector in project ddosdn by ssulca.
the class ReactivePacketProcessor method setUpConnectivity.
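/**
 * Builds (or rebuilds) the 1:N intent that forwards traffic from
 * {@code srcCp} to {@code dstCp} and, when requested, also to the IDS host.
 *
 * <p>The intent key is derived from the string forms of the two connect
 * points, ordered lexicographically so that swapping source and destination
 * yields the same key, followed by the IDS connect point when traffic is
 * duplicated. The intent is built only when no intent exists for the key or
 * the existing one is in one of {@code WITHDRAWN_STATES}.
 *
 * <p>The body runs while holding {@code semaphore}. The permit is released in
 * a {@code finally} block: otherwise any exception thrown while it is held
 * (for example a null {@code idsHost} with {@code duplicateTraffic} set)
 * would leave the permit taken, and if the semaphore is used as a mutex, as
 * the original comment suggests, every later call would block and no further
 * forwarding or mitigation intents could be installed.
 *
 * @param srcCp source connect point (ingress of the intent)
 * @param dstCp destination connect point
 * @param idsHost host whose location receives the duplicated IPv4 traffic;
 *        only read when {@code duplicateTraffic} is true
 * @param duplicateTraffic true in the DoS/DDoS case, to add the IDS as an
 *        extra egress point and use the DDoS intent priority
 * @return the key of the intent, or {@code null} if the thread was
 *         interrupted while waiting for the semaphore
 */
public Key setUpConnectivity(FilteredConnectPoint srcCp, FilteredConnectPoint dstCp, Host idsHost, boolean duplicateTraffic) {
    int priority = intentNormalPri;
    String idsKeyString = "";
    Set<FilteredConnectPoint> egressPoints = new HashSet<>();
    TrafficSelector selector = DefaultTrafficSelector.emptySelector();
    TrafficTreatment treatment = DefaultTrafficTreatment.emptyTreatment();

    // Run the rest of the method under the semaphore.
    try {
        semaphore.acquire();
    } catch (InterruptedException e) {
        // Restore the interrupt flag so callers can still observe the interruption.
        Thread.currentThread().interrupt();
        log.error("Semaforo Dont Acacquire");
        return null;
    }

    try {
        // Add the initial destination.
        egressPoints.add(dstCp);

        // DoS/DDoS case: also deliver IPv4 traffic to the IDS.
        if (duplicateTraffic) {
            TrafficSelector idsSelector = DefaultTrafficSelector.builder()
                    .matchEthType(Ethernet.TYPE_IPV4)
                    .build();
            FilteredConnectPoint filterIdsCp = new FilteredConnectPoint(idsHost.location(), idsSelector);
            egressPoints.add(filterIdsCp);
            priority = intentDDoslPri;
            idsKeyString = filterIdsCp.toString();
        }

        // Order the two endpoints so that (a, b) and (b, a) share one key.
        Key key = (srcCp.toString().compareTo(dstCp.toString()) < 0)
                ? Key.of(srcCp.toString() + dstCp.toString() + idsKeyString, appId)
                : Key.of(dstCp.toString() + srcCp.toString() + idsKeyString, appId);
        intentKeys.add(key);

        if (intentService.getIntent(key) != null) {
            // An intent already exists: rebuild it only if it has been withdrawn.
            if (WITHDRAWN_STATES.contains(intentService.getIntentState(key))) {
                buildIntent(key, srcCp, egressPoints, priority, selector, treatment);
            }
        } else {
            buildIntent(key, srcCp, egressPoints, priority, selector, treatment);
        }

        // Return the key of the last intent created.
        return key;
    } finally {
        // Always give the permit back, including when an exception is thrown.
        semaphore.release();
    }
}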
use of org.onosproject.net.flow.TrafficSelector in project onos by opennetworkinglab.
the class VirtualNetworkIntentCreateCommand method doExecute.
/**
 * Builds a virtual-network intent and submits it to the intent service of
 * the virtual network identified by {@code networkId}.
 *
 * <p>Ingress and egress connect points are parsed from
 * {@code ingressDeviceString} and {@code egressDeviceString} (presumably
 * command-line arguments; they are declared outside this method). Selector,
 * treatment, constraints, key and priority come from helper methods that are
 * not visible here. No validation beyond what those parsers and helpers
 * perform is applied before the intent is submitted.
 */
@Override
protected void doExecute() {
    VirtualNetworkService vnetService = get(VirtualNetworkService.class);
    IntentService intentServiceForNetwork =
            vnetService.get(NetworkId.networkId(networkId), IntentService.class);

    ConnectPoint ingressPoint = ConnectPoint.deviceConnectPoint(ingressDeviceString);
    ConnectPoint egressPoint = ConnectPoint.deviceConnectPoint(egressDeviceString);

    TrafficSelector trafficSelector = buildTrafficSelector();
    TrafficTreatment trafficTreatment = buildTrafficTreatment();
    List<Constraint> intentConstraints = buildConstraints();

    Intent virtualIntent = VirtualNetworkIntent.builder()
            .networkId(NetworkId.networkId(networkId))
            .appId(appId())
            .key(key())
            .selector(trafficSelector)
            .treatment(trafficTreatment)
            .ingressPoint(ingressPoint)
            .egressPoint(egressPoint)
            .constraints(intentConstraints)
            .priority(priority())
            .build();

    intentServiceForNetwork.submit(virtualIntent);
    print("Virtual intent submitted:\n%s", virtualIntent.toString());
}
use of org.onosproject.net.flow.TrafficSelector in project onos by opennetworkinglab.
the class VirtualNetworkPacketRequestCommand method buildTrafficSelector.
/**
 * Constructs a traffic selector from the command line arguments presented to
 * the command. Each argument that is null or empty is skipped, so the result
 * matches only on the fields that were supplied.
 *
 * <p>NOTE(review): the TCP port matches are added without this method
 * setting an IP protocol itself; the protocol is matched only when
 * {@code ipProtoString} is supplied. Confirm that callers provide it where
 * the target devices require it.
 *
 * @return traffic selector
 * @throws IllegalArgumentException if the source and destination prefixes
 *         have different IP versions; the numeric parsers used here
 *         ({@code Short.parseShort}, {@code Integer.parseInt}) also throw
 *         {@code NumberFormatException} on malformed input
 */
private TrafficSelector buildTrafficSelector() {
    TrafficSelector.Builder builder = DefaultTrafficSelector.builder();

    // Source / destination prefixes: pick the IPv4 or IPv6 criterion per prefix.
    IpPrefix srcPrefix = null;
    if (!isNullOrEmpty(srcIpString)) {
        srcPrefix = IpPrefix.valueOf(srcIpString);
        if (srcPrefix.isIp4()) {
            builder.matchIPSrc(srcPrefix);
        } else {
            builder.matchIPv6Src(srcPrefix);
        }
    }

    IpPrefix dstPrefix = null;
    if (!isNullOrEmpty(dstIpString)) {
        dstPrefix = IpPrefix.valueOf(dstIpString);
        if (dstPrefix.isIp4()) {
            builder.matchIPDst(dstPrefix);
        } else {
            builder.matchIPv6Dst(dstPrefix);
        }
    }

    // Reject a selector that mixes IPv4 and IPv6 prefixes.
    boolean bothPrefixesGiven = (srcPrefix != null) && (dstPrefix != null);
    if (bothPrefixesGiven && (srcPrefix.version() != dstPrefix.version())) {
        throw new IllegalArgumentException("IP source and destination version mismatch");
    }

    // Default the EthType to IPv6 when either prefix is IPv6; an explicit
    // ethTypeString takes precedence over that default.
    boolean anyPrefixIsIp6 = ((srcPrefix != null) && srcPrefix.isIp6())
            || ((dstPrefix != null) && dstPrefix.isIp6());
    Short ethType = null;
    if (anyPrefixIsIp6) {
        ethType = EthType.IPV6.value();
    }
    if (!isNullOrEmpty(ethTypeString)) {
        ethType = EthType.parseFromString(ethTypeString);
    }
    if (ethType != null) {
        builder.matchEthType(ethType);
    }

    // Layer 2 fields.
    if (!isNullOrEmpty(vlanString)) {
        builder.matchVlanId(VlanId.vlanId(Short.parseShort(vlanString)));
    }
    if (!isNullOrEmpty(srcMacString)) {
        builder.matchEthSrc(MacAddress.valueOf(srcMacString));
    }
    if (!isNullOrEmpty(dstMacString)) {
        builder.matchEthDst(MacAddress.valueOf(dstMacString));
    }

    // IP protocol, narrowed from the parsed short to the byte the builder takes.
    if (!isNullOrEmpty(ipProtoString)) {
        builder.matchIPProtocol((byte) IpProtocol.parseFromString(ipProtoString));
    }

    // IPv6-specific fields.
    if (!isNullOrEmpty(fLabelString)) {
        builder.matchIPv6FlowLabel(Integer.parseInt(fLabelString));
    }
    if (!isNullOrEmpty(icmp6TypeString)) {
        builder.matchIcmpv6Type(Icmp6Type.parseFromString(icmp6TypeString));
    }
    if (!isNullOrEmpty(icmp6CodeString)) {
        builder.matchIcmpv6Code(Icmp6Code.parseFromString(icmp6CodeString));
    }
    if (!isNullOrEmpty(ndTargetString)) {
        builder.matchIPv6NDTargetAddress(Ip6Address.valueOf(ndTargetString));
    }
    if (!isNullOrEmpty(ndSllString)) {
        builder.matchIPv6NDSourceLinkLayerAddress(MacAddress.valueOf(ndSllString));
    }
    if (!isNullOrEmpty(ndTllString)) {
        builder.matchIPv6NDTargetLinkLayerAddress(MacAddress.valueOf(ndTllString));
    }

    // TCP ports.
    if (!isNullOrEmpty(srcTcpString)) {
        builder.matchTcpSrc(TpPort.tpPort(Integer.parseInt(srcTcpString)));
    }
    if (!isNullOrEmpty(dstTcpString)) {
        builder.matchTcpDst(TpPort.tpPort(Integer.parseInt(dstTcpString)));
    }

    // IPv6 extension headers: OR the flag of every listed header together.
    if (extHdrStringList != null) {
        short extHdrFlags = 0;
        for (String headerName : extHdrStringList) {
            extHdrFlags |= ExtHeader.parseFromString(headerName);
        }
        builder.matchIPv6ExthdrFlags(extHdrFlags);
    }

    return builder.build();
}