move pacf skeleton away to be able to replace it with old proposal of

Robin.
Johanna Amann 2015-04-07 17:27:50 -07:00
parent dbc51371cb
commit 883da516ee
4 changed files with 0 additions and 0 deletions


@ -0,0 +1 @@
@load ./main


@ -0,0 +1,111 @@
@load ./plugins
module PACF;
# Internal id counter for rule ids.
global LAST_ID:count = 0;
export {
## Type of the action.
##
type RuleActionType: enum {
## Drop packets matching a given RuleMatch record.
DROP,
## Modify packets matching a given RuleMatch record
## according to the ModifyArgs record.
MODIFY,
} &redef;
type RuleActionTarget: enum {
FORWARD,
MONITOR,
} &redef;
## Uni or bidriectional flow.
##
type FlowType: enum {
## Unidirectional flow.
PACF::UNIDIRECTIONAL,
## Bidirectional flow.
PACF::BIDIRECTIONAL,
};
## Properties which descibes a matching flow / connection
##
type RuleMatch: record {
## Ethernet protocol (ipv4, ipv6, ipip ... aso).
# eth_proto: ethernet_proto &optional; # Here should mb IPPROTO_* be used.
## VLAN id.
vlan: count &optional;
## Source MAC address.
src_mac: string &optional;
## Source IP address (IPv4 | IPv6).
src_ip: addr &optional;
## Source Port.
src_port: port &optional;
## Destination MAC address.
dst_mac: string &optional;
## Destination IP address.
dst_ip: addr &optional;
## Destination Port.
dst_port: port &optional;
## IP transport protocol.
ip_proto: transport_proto &optional; # Here should mb IPPROTO_* be used.
};
## Action to be done on flows / connections that match.
##
type RuleAction: record {
type_: RuleActionType;
target: RuleActionTarget &default=FORWARD;
## Timeout n seconds after the last packet.
soft_timeout: count &optional;
## Timeout after n seconds.
hard_timeout: count &optional;
## Priority of the action.
priority: int &default=-0;
};
## Rule which descibes the actions to take on a matching
## flow / connection.
type Rule: record {
## Rule id.
id: count &default=LAST_ID;
## Flows / Connections which the rule should match.
match: RuleMatch;
## Actions which will be taken when a flow / connection matches.
action: vector of RuleAction;
## Should it be matched uni or bidriectional.
direction: FlowType;
};
## Registered plugins
type Plugin: enum {
};
type BackendState: record {
} &redef;
## A PACF backend which implements a subset of the PACF
## features for a specific implementation
type Backend: record {
## The type of the plugin (more then one of the same type can exist).
type_: Plugin;
## Insert function to apply a specific rule
insert: function(state: PACF::BackendState, rule: PACF::Rule): bool &optional;
## Remove function to remove a specific rule
remove: function(id: count): bool &optional;
state: BackendState &optional;
} &redef;
global PACF::drop: event();
global PACF::undrop: event();
}
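Review bot: `id: count &default=LAST_ID;` in `Rule` gives every rule the same id unless something increments `LAST_ID`, and no line on this page does. `Backend$remove` takes only `id: count`, so with colliding ids a removal cannot name one specific rule, and it may lift a different block than intended. I would drop the default and assign the id where rules are registered (not visible here), e.g. `++LAST_ID;` followed by `rule$id = LAST_ID;`, with a comment on the field such as `## Unique rule id, assigned by the framework when the rule is added.`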


@ -0,0 +1 @@
@load ./openflow


@ -0,0 +1,111 @@
@load ../main
@load base/frameworks/openflow
module PACFOpenflow;
export {
redef enum PACF::Plugin += {
PACF::OPENFLOW,
};
redef record PACF::BackendState += {
openflow_controller: Openflow::Controller &optional;
};
global new: function(controller: Openflow::Controller): PACF::Backend;
}
function insert(state: PACF::BackendState, rule: PACF::Rule): bool
{
for(i in rule$action)
{
switch(rule$action[i]$type_)
{
case PACF::DROP:
if(!state?$openflow_controller)
{
Reporter::warning(fmt("The given PACF::Backend %s is not an PACFOpenflow backend", cat(state)));
return F;
}
# Create openflow records
local nw_proto = Openflow::IP_TCP;
if(rule$match$ip_proto == udp)
nw_proto = Openflow::IP_UDP;
else if(rule$match$ip_proto == icmp)
nw_proto = Openflow::IP_ICMP;
local match: Openflow::ofp_match = [
$in_port=state$openflow_controller$state$port_state[rule$match$src_ip],
$nw_src=rule$match$src_ip,
$nw_dst=rule$match$dst_ip,
$nw_proto=nw_proto,
$tp_src=rule$match$src_port,
$tp_dst=rule$match$dst_port
];
local flow_mod: Openflow::ofp_flow_mod = [
$match=match,
#$cookie=cookie,
$idle_timeout=30,
$hard_timeout=0,
# No action means drop.
$actions=vector()
];
if(rule$direction == PACF::BIDIRECTIONAL)
{
local reverse_match: Openflow::ofp_match = [
$in_port=state$openflow_controller$state$port_state[rule$match$dst_ip],
$nw_src=rule$match$dst_ip,
$nw_dst=rule$match$src_ip,
$nw_proto=nw_proto,
$tp_src=rule$match$dst_port,
$tp_dst=rule$match$src_port
];
local reverse_flow_mod: Openflow::ofp_flow_mod = [
$match=reverse_match,
#$cookie=cookie,
$idle_timeout=30,
$hard_timeout=0,
# No action means drop.
$actions=vector()
];
}
if(rule$action[i]$target == PACF::MONITOR)
{
local action: vector of Openflow::ofp_action_output;
action[|action|] = Openflow::ofp_action_output($port_=state$openflow_controller$state$port_state[rule$match$dst_ip]);
flow_mod$actions=action;
if(rule$direction == PACF::BIDIRECTIONAL)
{
local reverse_action: vector of Openflow::ofp_action_output;
reverse_action[|reverse_action|] = Openflow::ofp_action_output($port_=state$openflow_controller$state$port_state[rule$match$src_ip]);
reverse_flow_mod$actions=reverse_action;
}
}
if(rule$direction == PACF::BIDIRECTIONAL)
return Openflow::flow_mod(state$openflow_controller, flow_mod) && Openflow::flow_mod(state$openflow_controller, reverse_flow_mod);
else
return Openflow::flow_mod(state$openflow_controller, flow_mod);
break;
default:
Reporter::warning(fmt("The PACF ActionType %s is not supported by this plugin", cat(rule$action[i]$type_)));
break;
}
}
return F;
}
function new(controller: Openflow::Controller): PACF::Backend
{
return [$type_=PACF::OPENFLOW, $state=[$openflow_controller=controller], $insert=insert];
}
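Review bot: In `insert`, the `PACF::DROP` case reads `rule$match$ip_proto`, `$src_ip`, `$dst_ip`, `$src_port` and `$dst_port` and indexes `port_state[...]` without any `?$` or `in` check, although every `RuleMatch` field is declared `&optional`. A rule that omits one of them, or names a host with no `port_state` entry, would presumably abort with a runtime error instead of returning `F`, so the caller gets no signal that the drop was never installed. Guard the fields before building `ofp_match` as sketched below (assuming `port_state` is a table), or leave absent fields out of the match so they act as wildcards, if the Openflow record permits that. Separately, `$idle_timeout=30` and `$hard_timeout=0` ignore the rule's `soft_timeout` and `hard_timeout`, so an installed drop lapses after 30 idle seconds whatever the rule asked for.

```zeek
case PACF::DROP:
	# … unchanged: openflow_controller presence check …
	local m = rule$match;
	if ( ! m?$src_ip || ! m?$dst_ip || ! m?$src_port || ! m?$dst_port || ! m?$ip_proto )
		{
		Reporter::warning(fmt("PACF rule %d lacks a match field required by the Openflow plugin", rule$id));
		return F;
		}
	local ports = state$openflow_controller$state$port_state;
	if ( m$src_ip !in ports || m$dst_ip !in ports )
		{
		Reporter::warning(fmt("No switch port known for an endpoint of PACF rule %d", rule$id));
		return F;
		}
	# … unchanged: nw_proto selection, ofp_match and ofp_flow_mod construction …
```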