Hi, From: "Christoph Brass" <[email protected]> Subject: [Ryu-devel] Snort alert_dumper Date: Wed, 26 Jun 2013 15:08:29 +0200
> Hi, > > i need a bit help with ryu. Currently i'm working with the > alert_dumper example which allows the interaction with the > SNORT IDS. It works very well, and i'm able to trace the > source and destination of suspicous packets by IP and MAC. > Now i want to go one step further and define rules for > suspious IP's. I tried to set a new flowtable-entry with > add_flow, but as the alert_dumper example makes use of the > AlertPkt Object, i'm not able to get access to the > datapath. Thanks for using ryu/snort. You can access to the datapath object with ryu/topology/switches.py . > > It shall look (and work) like the following code-snippet > > @set_ev_cls(alert_monitor.EventAlert) > def _dump_alert(self, ev): > msg = ev.msg > > print 'alertmsg:', ''.join(msg.alertmsg) > > self.packet_print(msg.pkt) > > # This is how i think i might work, if i can access the > datapath > > actions = > [datapath.ofproto_parser.OFPActionOutput(port_for_further_analysis)] > self.add_flow(datapath, suspicious_port, dst, > actions) > out = datapath.ofproto_parser.OFPPacketOut( > datapath=datapath, buffer_id=msg.buffer_id, > in_port=msg.in_port, > actions=actions) > datapath.send_msg(out) > > It would be very kind if someone is able to give me a hint > how i could get access to that datapath. > > Thanks a lot! > > Chris > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > _______________________________________________ > Ryu-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/ryu-devel > ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Ryu-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ryu-devel
