add flow modification to pacf and openflow.

More or less untested, but there should not be any big problems.
Johanna Amann 2015-05-15 13:29:24 -07:00
parent 6014b395b8
commit c0111bc4d2
11 changed files with 94 additions and 32 deletions


@ -217,12 +217,34 @@ function openflow_rule_to_flow_mod(p: PluginState, r: Rule) : OpenFlow::ofp_flow
else if ( r$ty == WHITELIST )
{
# at the moment our interpretation of whitelist is to hand this off to the switches L2/L3 routing.
flow_mod$out_ports = vector(OpenFlow::OFPP_NORMAL);
flow_mod$actions$out_ports = vector(OpenFlow::OFPP_NORMAL);
}
else if ( r$ty == MODIFY )
{
# if no ports are given, just assume normal pipeline...
flow_mod$actions$out_ports = vector(OpenFlow::OFPP_NORMAL);
local mod = r$mod;
if ( mod?$redirect_port )
flow_mod$actions$out_ports = vector(mod$redirect_port);
if ( mod?$src_h )
flow_mod$actions$nw_src = mod$src_h;
if ( mod?$dst_h )
flow_mod$actions$nw_dst = mod$dst_h;
if ( mod?$src_m )
flow_mod$actions$dl_src = mod$src_m;
if ( mod?$dst_m )
flow_mod$actions$dl_dst = mod$dst_m;
if ( mod?$src_p )
flow_mod$actions$tp_src = mod$src_p;
if ( mod?$dst_p )
flow_mod$actions$tp_dst = mod$dst_p;
}
else if ( r$ty == REDIRECT )
{
# redirect to port i
flow_mod$out_ports = vector(int_to_count(r$i));
# redirect to port c
flow_mod$actions$out_ports = vector(r$c);
}
else
{
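Review bot: The new MODIFY branch reads `r$mod` and the rewritten REDIRECT branch reads `r$c` without first testing that the field is present, although both are declared `&optional` on the rule record elsewhere in this commit. A rule of either type submitted without its argument would then fail with a runtime error on the unset field while the flow_mod is being built, rather than being rejected in a controlled way; for a framework that installs blocking and redirection rules, that failure should be explicit. Consider making the conditions `else if ( r$ty == MODIFY && r?$mod )` and `else if ( r$ty == REDIRECT && r?$c )`, so that incomplete rules fall through to the final `else`; that branch and the rest of openflow_rule_to_flow_mod lie outside the hunk, so confirm it reports the rule as unsupported.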


@ -59,7 +59,7 @@ export {
## Begin redirecting all packets matching entity.
##
## .. todo::
## Define arguments.
## c: output port to redirect traffic to.
REDIRECT,
## Begin sampling all flows matching entity.
@ -74,6 +74,17 @@ export {
WHITELIST,
};
## Type of a :bro:id:`FlowMod` for defining a flow modification action.
type FlowMod: record {
src_h: addr &optional; ##< The source IP address.
src_p: count &optional; ##< The source port number.
dst_h: addr &optional; ##< The destination IP address.
dst_p: count &optional; ##< The desintation port number.
src_m: string &optional; ##< The source MAC address.
dst_m: string &optional; ##< The destination MAC address.
redirect_port: count &optional;
};
## A rule for the framework to put in place. Of all rules currently in
## place, the first match will be taken, sorted by priority. All
## further riles will be ignored.
@ -85,9 +96,11 @@ export {
priority: int &default=+0; ##< Priority if multiple rules match an entity (larger value is higher priority).
location: string &optional; ##< Optional string describing where/what installed the rule.
c: count &optional; ##< Argument for rule types requiring an count argument.
i: int &optional; ##< Argument for rule types requiring an integer argument.
d: double &optional; ##< Argument for rule types requiring a double argument.
s: string &optional; ##< Argument for rule types requiring a string argument.
mod: FlowMod &optional; ##< Argument for :bro:id:`MODIFY` rules.
id: count &default=0; ##< Internally determined unique ID for this rule. Will be set when added.
};