Hi,
I'm trying to implement a RA Guard-like solution, improving it with the
possibility of detect the presence of a RA Header into an extension header
chain. I can detect it, but seems like there is some problem about the
forwarding procedure: if the RA header is the first of chain I can filter
it based on the prefix announced (packet dropped if it carries an untrusted
prefix, delivered otherwise), but it doesn't work if the RA header is not
the first one. I can still drop it based on the prefix, but I cannot
deliver it even if the code "goes" into the right "if ramification" and
according to that the packet should be flooded, like shown by the LOG
Code:
def _packet_in_handler(self, ev):
msg = ev.msg
datapath = msg.datapath
ofproto = datapath.ofproto
suspicious = 0
pkt = packet.Packet(msg.data)
eth = pkt.get_protocol(ethernet.ethernet)
dst = eth.dst
src = eth.src
try:
ippiv6 = pkt.get_protocol(ipv6.ipv6)
ipv6s = ippiv6.src
except:
ipv6s = "not assigned yet"
print "PACCHETTO ", ippiv6
try:
icimpv6 = pkt.get_protocol(icmpv6.icmpv6)
icmpv6type = icimpv6.type_
except:
print "non e' un ICMPv6"
icmpv6type = ""
if (icmpv6type == 134):
icidata = icimpv6.data
#self.logger.info("[DATA ND_OPTION] %s: ", icidata)
print("EXTENSION HEADER: ", ippiv6)
print("GNE GNE: ", ippiv6.ext_hdrs)
try:
dict1 = icidata.data[1]
self.logger.info("[PREFIX] %s ", dict1.prefix)
except:
try:
dict1 = icidata.data[0]
self.logger.info("[PREFIX] %s ",
dict1.prefix)
suspicious = 0
except:
self.logger.info("[ALERT] ND_OPTION_PI not
found, irregular structure. Packet Dropped.")
dict1=0 #se i due sopra falliscono, gli
diamo un intero per l'if sotto.
suspicious = 1
self.logger.info("[SUSPECT] SUSPICIOUS
state has changed!")
'''if isinstance(dict1, icmpv6.nd_option_pi):
self.logger.info("[ALERT] I'm IN! :)")
else:
self.logger.info("[ALERT] I'm OUT! :(")'''
if isinstance(icidata, icmpv6.nd_router_advert):
self.logger.info("Router Advert Instance Detected!")
suspicious = 0
self.logger.info("[ALERT] packet contains a Router
Advertisement!")
if (dict1.prefix not in prefixtrusted):
self.logger.info("[WARNING] Intrusion Detection
System detected a Rogue Router Advertisement!\n %s != %s \n", dict1.prefix,
prefixtrusted)
suspicious = 1
self.logger.info("[SUSPECT] SUSPICIOUS state has
changed!")
dpid = datapath.id
self.mac_to_port.setdefault(dpid, {})
self.logger.info("packet in %s ipv6:%s %s %s %s", dpid, ipv6s, src,
dst, msg.in_port)
# learn a mac address to avoid FLOOD next time.
self.mac_to_port[dpid][src] = msg.in_port
if suspicious:
self.logger.info("\n[DROP] SUSPICIOUS packet was dropped!")
out_port = ofproto.OFPP_NONE
elif (dst in self.mac_to_port[dpid]):
out_port = self.mac_to_port[dpid][dst]
print "OUT_PORT = MAC_TO_PORT"
else:
out_port = ofproto.OFPP_FLOOD
print "FLOOD---------------"
self.logger.info (" %s", out_port)
actions = [datapath.ofproto_parser.OFPActionOutput(out_port)]
LOG:
PACCHETTO
ipv6(dst='ff02::1',ext_hdrs=[fragment(id_=0,more=0,nxt=58,offset=0)],flow_label=0,hop_limit=64,nxt=44,payload_length=56,src='fe80::200:ff:fe00:1',traffic_class=0,version=6)
('EXTENSION HEADER: ',
ipv6(dst='ff02::1',ext_hdrs=[fragment(id_=0,more=0,nxt=58,offset=0)],flow_label=0,hop_limit=64,nxt=44,payload_length=56,src='fe80::200:ff:fe00:1',traffic_class=0,version=6))
('GNE GNE: ', [fragment(id_=0,more=0,nxt=58,offset=0)])
[PREFIX] 2001::
Router Advert Instance Detected!
[ALERT] packet contains a Router Advertisement!
packet in 1 ipv6:fe80::200:ff:fe00:1 00:00:00:00:00:01 33:33:00:00:00:01 1
FLOOD---------------
65531
Scapy:
packet =
IPv6(dst="ff02::1")/IPv6ExtHdrFragment()/ICMPv6ND_RA()/ICMPv6NDOptPrefixInfo(prefixlen
= 64, prefix = "2001::")
send(packet)
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Ryu-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ryu-devel
