[ADD] the possibility to remove flows and refactored the flow_mod function to fit the new capabilities. Also started to comment more of the code
parent
6c2a8cdff4
commit
bf6dc12be4
3 changed files with 185 additions and 75 deletions
|
@ -19,6 +19,8 @@ const hard_timeout = 0;
|
|||
const in_port = 3;
|
||||
const out_port = 1;
|
||||
|
||||
global delete_flow: bool = F;
|
||||
|
||||
export {
|
||||
## Number of bytes transferred before shunting a flow.
|
||||
const size_threshold = 1024000 &redef;
|
||||
|
@ -33,27 +35,62 @@ export {
|
|||
}
|
||||
|
||||
function size_callback(c: connection, cnt: count): interval {
|
||||
print fmt("%s:%s <-> %s:%s reached %s/%s", c$id$orig_h, port_to_count(c$id$orig_p), c$id$resp_h, port_to_count(c$id$resp_p), c$orig$num_bytes_ip + c$resp$num_bytes_ip, size_threshold);
|
||||
# print flow traffic.
|
||||
print fmt(
|
||||
"%s:%s <-> %s:%s reached %s/%s",
|
||||
c$id$orig_h,
|
||||
port_to_count(c$id$orig_p),
|
||||
c$id$resp_h,
|
||||
port_to_count(c$id$resp_p),
|
||||
c$orig$num_bytes_ip + c$resp$num_bytes_ip,
|
||||
size_threshold
|
||||
);
|
||||
# if traffic exceeds the given threshold, remove flow.
|
||||
if ( c$orig$num_bytes_ip + c$resp$num_bytes_ip >= size_threshold ) {
|
||||
# create openflow flow_mod add records from connection data and given default constants
|
||||
local actions: vector of Openflow::ofp_action_output;
|
||||
actions[|actions|] = Openflow::ofp_action_output($_port=out_port);
|
||||
|
||||
# flow layer 4 protocol
|
||||
local nw_proto = Openflow::IP_TCP;
|
||||
if(is_udp_port(c$id$orig_p)) {
|
||||
nw_proto = Openflow::IP_UDP;
|
||||
} else if(is_icmp_port(c$id$orig_p)) {
|
||||
nw_proto = Openflow::IP_ICMP;
|
||||
}
|
||||
local match: Openflow::ofp_match = [$in_port=in_port, $nw_src=c$id$orig_h, $nw_dst=c$id$resp_h, $nw_proto=nw_proto, $tp_src=c$id$orig_p, $tp_dst=c$id$resp_p];
|
||||
local match: Openflow::ofp_match = [
|
||||
$in_port=in_port,
|
||||
$nw_src=c$id$orig_h,
|
||||
$nw_dst=c$id$resp_h,
|
||||
$nw_proto=nw_proto,
|
||||
$tp_src=c$id$orig_p,
|
||||
$tp_dst=c$id$resp_p
|
||||
];
|
||||
local command = Openflow::OFPFC_ADD;
|
||||
if(delete_flow) {
|
||||
command = Openflow::OFPFC_DELETE;
|
||||
}
|
||||
local flow_mod: Openflow::ofp_flow_mod = [
|
||||
$match=match,
|
||||
$cookie=cookie,
|
||||
$command=command,
|
||||
$idle_timeout=idle_timeout,
|
||||
$hard_timeout=hard_timeout,
|
||||
$actions=actions
|
||||
];
|
||||
|
||||
# print fmt(cmd, param_dpid, param_port, "",of_ctrl_uri);
|
||||
when ( local result = Openflow::flow_mod(dpid, cookie, idle_timeout, hard_timeout, actions, match) ) {
|
||||
# call openflow framework
|
||||
when ( local result = Openflow::flow_mod(dpid, flow_mod) ) {
|
||||
if(result) {
|
||||
event OpenflowShunt::shunt_triggered(c);
|
||||
}
|
||||
}
|
||||
|
||||
return -1sec;
|
||||
if(delete_flow) {
|
||||
return -1sec;
|
||||
} else {
|
||||
delete_flow = T;
|
||||
return 15sec;
|
||||
}
|
||||
}
|
||||
|
||||
return poll_interval;
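Review bot: `delete_flow` is a single script-level flag, so the add/delete decision in `size_callback` is shared by every connection instead of being tracked per flow. Once the first connection crosses `size_threshold` and the flag becomes `T`, any other connection that reaches the threshold is sent `OFPFC_DELETE` and returns `-1sec` without an add ever having been issued for it, and the flag is never reset. The flag is also flipped before the `when` block has delivered the result of `Openflow::flow_mod`, so a failed add is still followed by a delete on the next poll. Because a shunt rule decides which traffic the monitor stops seeing, the state would be better keyed by `c$id` and updated only on a successful result, as sketched below. The closing brace of `size_callback` lies outside the visible hunk.

```zeek
# replaces: global delete_flow: bool = F;
global shunted_flows: set[conn_id];

# … unchanged: print, threshold check, actions, nw_proto, match …
		local is_shunted = c$id in shunted_flows;
		local command = is_shunted ? Openflow::OFPFC_DELETE : Openflow::OFPFC_ADD;
# … unchanged: flow_mod record …
		when ( local result = Openflow::flow_mod(dpid, flow_mod) ) {
			if(result) {
				# record state only once the controller has confirmed the change
				if(is_shunted)
					delete shunted_flows[c$id];
				else
					add shunted_flows[c$id];
				event OpenflowShunt::shunt_triggered(c);
			}
		}
		return is_shunted ? -1sec : 15sec;
```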
|
||||
|
|