The problem is probably that you're rewriting the IP addresses but not the Ethernet addresses. In such a case, for example, .4 sees the rewritten packet, but it still has .2's Ethernet address. .4 never even looks at the IP because the packet appears to be for someone else at the Ethernet layer.
-- Murphy

On May 12, 2015, at 12:07 PM, Kostas Chartsias <kcharts...@yahoo.gr> wrote:

> msg = of.ofp_flow_mod()
> msg.priority = 42
> msg.match.dl_type=0x800
> msg.idle_timeout = 40
> msg.hard_timeout = 40
> msg.match.nw_dst = IPAddr("10.0.0.2")
> msg.actions.append(of.ofp_action_nw_addr.set_dst(IPAddr("10.0.0.4")))
> msg.actions.append(of.ofp_action_output(port = 4))
> self.connection.send(msg)
>
> msg = of.ofp_flow_mod()
> msg.priority = 42
> msg.match.dl_type=0x800
> msg.idle_timeout = 40
> msg.hard_timeout = 40
> msg.match.nw_dst = IPAddr(src_ip)
> msg.actions.append(of.ofp_action_nw_addr.set_src(IPAddr("10.0.0.2")))
> msg.actions.append(of.ofp_action_output(port = myport))
> self.connection.send(msg)
>
> I have a switch and 3 hosts. I assume that 10.0.0.3 is the attacker and
> 10.0.0.2 and 10.0.0.4 are two (supposed) honeypots. (I use mininet)
> When there are a lot of packets towards the .2 honeypot I want to redirect the
> traffic to .4. So I install a rule for IP spoofing to .4 and I send it to port
> 4. Moreover there is a flow for the replies from 10.0.0.4.
> The thing is that I send echo requests to .2, the switch successfully changes it
> to .4 and sends it from the correct port. But h4 drops it and doesn't send any
> echo reply.
> The even more bizarre thing is that I can ping from .4 to .3 and .3 sees it as
> .2. (ping shows that packets drop, but with tcpdump I can see full duplex
> communication, wtf is going on) :/
>
> I cannot understand if it's a POX bug when it modifies src or destination
> IP, or a mininet bug. Or if you could suggest any other solution.
> To sum up, the concept is: I want to send packets from .3 to .2 and, when an
> event occurs, to send them to .4. But the attacker should see that it always
> communicates with .2 and not .4 (that's why I want to modify the IP 2 times).
> Thanks in advance !!!!
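
Added example, not part of the original thread or of POX itself: a small pure-Python model of the diagnosis in the reply above, showing why h4 drops the redirected echo request when only the IP destination is rewritten. The MAC addresses, `Frame`, and the helper functions are assumptions made for illustration; the example also goes one step beyond the thread by showing the source MAC that h3 sees on the rewritten reply.

```python
from dataclasses import dataclass, replace

# Constructed MAC addresses for the three Mininet hosts (assumed values).
MACS = {"10.0.0.2": "00:00:00:00:00:02",
        "10.0.0.3": "00:00:00:00:00:03",
        "10.0.0.4": "00:00:00:00:00:04"}

@dataclass(frozen=True)
class Frame:
    dl_src: str
    dl_dst: str
    nw_src: str
    nw_dst: str

def apply_actions(frame, actions):
    """Apply set-field actions, given as (field, value) pairs, in order."""
    for field, value in actions:
        frame = replace(frame, **{field: value})
    return frame

def host_receive(host_ip, frame):
    """Receive path of a non-promiscuous host: Ethernet filter, then IP."""
    if frame.dl_dst not in (MACS[host_ip], "ff:ff:ff:ff:ff:ff"):
        return "dropped at Ethernet layer"  # IP header is never inspected
    if frame.nw_dst != host_ip:
        return "dropped at IP layer"
    return "accepted"

# Echo request from .3 to .2, and the echo reply .4 sends back to .3.
REQUEST = Frame(MACS["10.0.0.3"], MACS["10.0.0.2"], "10.0.0.3", "10.0.0.2")
REPLY = Frame(MACS["10.0.0.4"], MACS["10.0.0.3"], "10.0.0.4", "10.0.0.3")

# Rules as posted: only the IP fields are rewritten.
FWD_IP_ONLY = [("nw_dst", "10.0.0.4")]
REV_IP_ONLY = [("nw_src", "10.0.0.2")]
# Same rules with the Ethernet fields rewritten too. In POX these would be
# of.ofp_action_dl_addr.set_dst(...) / set_src(...) actions.
FWD_BOTH = [("dl_dst", MACS["10.0.0.4"])] + FWD_IP_ONLY
REV_BOTH = [("dl_src", MACS["10.0.0.2"])] + REV_IP_ONLY

def redirect_result(actions):
    """What h4 does with the redirected echo request."""
    return host_receive("10.0.0.4", apply_actions(REQUEST, actions))

def reply_seen_by_h3(actions):
    """(source IP, source MAC) of the rewritten reply as h3 sees it."""
    frame = apply_actions(REPLY, actions)
    return frame.nw_src, frame.dl_src
```

With the IP-only rules, the request is dropped at h4's Ethernet layer and the reply reaches h3 carrying .2's IP address but .4's MAC address; with both layers rewritten, h4 accepts the request and the reply is consistent with .2 at both layers.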