mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 16:48:19 +00:00
move pacf skeleton away to be able to replace it with old proposal of
Robin.
This commit is contained in:
Johanna Amann
parent
dbc51371cb
commit
883da516ee
4 changed files with 0 additions and 0 deletions
|
|
@ -1,111 +0,0 @@
|
|||
@load ../main
|
||||
@load base/frameworks/openflow
|
||||
|
||||
|
||||
module PACFOpenflow;
|
||||
|
||||
|
||||
export {
|
||||
redef enum PACF::Plugin += {
|
||||
PACF::OPENFLOW,
|
||||
};
|
||||
|
||||
redef record PACF::BackendState += {
|
||||
openflow_controller: Openflow::Controller &optional;
|
||||
};
|
||||
|
||||
global new: function(controller: Openflow::Controller): PACF::Backend;
|
||||
}
|
||||
|
||||
|
||||
function insert(state: PACF::BackendState, rule: PACF::Rule): bool
|
||||
{
|
||||
for(i in rule$action)
|
||||
{
|
||||
switch(rule$action[i]$type_)
|
||||
{
|
||||
case PACF::DROP:
|
||||
if(!state?$openflow_controller)
|
||||
{
|
||||
Reporter::warning(fmt("The given PACF::Backend %s is not an PACFOpenflow backend", cat(state)));
|
||||
return F;
|
||||
}
|
||||
|
||||
# Create openflow records
|
||||
local nw_proto = Openflow::IP_TCP;
|
||||
if(rule$match$ip_proto == udp)
|
||||
nw_proto = Openflow::IP_UDP;
|
||||
else if(rule$match$ip_proto == icmp)
|
||||
nw_proto = Openflow::IP_ICMP;
|
||||
|
||||
local match: Openflow::ofp_match = [
|
||||
$in_port=state$openflow_controller$state$port_state[rule$match$src_ip],
|
||||
$nw_src=rule$match$src_ip,
|
||||
$nw_dst=rule$match$dst_ip,
|
||||
$nw_proto=nw_proto,
|
||||
$tp_src=rule$match$src_port,
|
||||
$tp_dst=rule$match$dst_port
|
||||
];
|
||||
|
||||
local flow_mod: Openflow::ofp_flow_mod = [
|
||||
$match=match,
|
||||
#$cookie=cookie,
|
||||
$idle_timeout=30,
|
||||
$hard_timeout=0,
|
||||
# No action means drop.
|
||||
$actions=vector()
|
||||
];
|
||||
|
||||
if(rule$direction == PACF::BIDIRECTIONAL)
|
||||
{
|
||||
local reverse_match: Openflow::ofp_match = [
|
||||
$in_port=state$openflow_controller$state$port_state[rule$match$dst_ip],
|
||||
$nw_src=rule$match$dst_ip,
|
||||
$nw_dst=rule$match$src_ip,
|
||||
$nw_proto=nw_proto,
|
||||
$tp_src=rule$match$dst_port,
|
||||
$tp_dst=rule$match$src_port
|
||||
];
|
||||
|
||||
local reverse_flow_mod: Openflow::ofp_flow_mod = [
|
||||
$match=reverse_match,
|
||||
#$cookie=cookie,
|
||||
$idle_timeout=30,
|
||||
$hard_timeout=0,
|
||||
# No action means drop.
|
||||
$actions=vector()
|
||||
];
|
||||
}
|
||||
|
||||
if(rule$action[i]$target == PACF::MONITOR)
|
||||
{
|
||||
local action: vector of Openflow::ofp_action_output;
|
||||
action[|action|] = Openflow::ofp_action_output($port_=state$openflow_controller$state$port_state[rule$match$dst_ip]);
|
||||
flow_mod$actions=action;
|
||||
|
||||
if(rule$direction == PACF::BIDIRECTIONAL)
|
||||
{
|
||||
local reverse_action: vector of Openflow::ofp_action_output;
|
||||
reverse_action[|reverse_action|] = Openflow::ofp_action_output($port_=state$openflow_controller$state$port_state[rule$match$src_ip]);
|
||||
reverse_flow_mod$actions=reverse_action;
|
||||
}
|
||||
}
|
||||
|
||||
if(rule$direction == PACF::BIDIRECTIONAL)
|
||||
return Openflow::flow_mod(state$openflow_controller, flow_mod) && Openflow::flow_mod(state$openflow_controller, reverse_flow_mod);
|
||||
else
|
||||
return Openflow::flow_mod(state$openflow_controller, flow_mod);
|
||||
break;
|
||||
default:
|
||||
Reporter::warning(fmt("The PACF ActionType %s is not supported by this plugin", cat(rule$action[i]$type_)));
|
||||
break;
|
||||
}
|
||||
}
|
||||
return F;
|
||||
}
|
||||
|
||||
|
||||
function new(controller: Openflow::Controller): PACF::Backend
|
||||
{
|
||||
return [$type_=PACF::OPENFLOW, $state=[$openflow_controller=controller], $insert=insert];
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue