[Ryu-devel] [PATCH] Snort Integrate:

Che-Wei Lin Sun, 07 Sep 2014 06:01:23 -0700

Remove the wrong way to get IP and bind with it.
Binding with '0.0.0.0' and listen on all host.


Update and fix typos in the snort_integrate.rst document.

Fix the problem about pigrelay reconnect to ryu will not be accepted.

Pigrelay is a program running on Snort that receive Snort alert
from UNIX socket and send to Ryu via network socket.

Signed-off-by: Che-Wei Lin <[email protected]>
---
 doc/source/snort_integrate.rst | 16 +++++++++-------
 ryu/lib/snortlib.py            | 15 +++++++--------
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/doc/source/snort_integrate.rst b/doc/source/snort_integrate.rst
index f6b593d..bec5619 100644
--- a/doc/source/snort_integrate.rst
+++ b/doc/source/snort_integrate.rst
@@ -7,6 +7,8 @@ This document describes how to integrate Ryu with Snort.
 Overview
 ====
 
+There are two options can send alert to Ryu controller. The Option 1 is easier 
if you just want to demonstrate or test. Since Snort need very large 
computation power for analyzing packets you can choose Option 2 to separate 
them.  
+
 **[Option 1] Ryu and Snort are on the same machine**
 ::
 
@@ -40,7 +42,7 @@ The above depicts Ryu and Snort architecture. Ryu receives 
Snort alert packet vi
                 +----------+   +----------+
 
 
-**\*CP: Controller Plane**
+**\*CP: Control Plane**
 
 The above depicts Ryu and Snort architecture. Ryu receives Snort alert packet 
via **Network Socket** . To monitor packets between HostA and HostB, installing 
a flow that mirrors packets to Snort.
 
@@ -92,7 +94,7 @@ The incoming packets will all mirror to **port 3** which 
should be connect to Sn
 3. Run Snort: ::
 
     $ sudo -i
-    $ sudo snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf
+    $ snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf
 
 4. Send an ICMP packet from HostA (192.168.8.40) to HostB (192.168.8.50): ::
 
@@ -114,20 +116,20 @@ The incoming packets will all mirror to **port 3** which 
should be connect to Sn
 
 2. Run Ryu with sample application (On the Controller): ::
 
-    $ sudo ./bin/ryu-manager ryu/app/simple_switch_snort.py
+    $ ./bin/ryu-manager ryu/app/simple_switch_snort.py
 
 3. Run Snort (On the Snort machine): ::
 
     $ sudo -i
-    $ sudo snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf
+    $ snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf
 
-4. Run ``unsock2nwsock.py`` (On the Snort machine): ::
+4. Run ``pigrelay.py`` (On the Snort machine): ::
 
-    $ sudo python unsock2nwsock.py
+    $ sudo python pigrelay.py
 
 This program listening snort alert messages from unix domain socket and 
sending it to Ryu using network socket.
 
-You can clone the script over here. 
https://gist.github.com/John-Lin/9408ab716df57dbe32ca
+You can clone the source code from this repo. 
https://github.com/John-Lin/pigrelay
 
 
 5. Send an ICMP packet from HostA (192.168.8.40) to HostB (192.168.8.50): ::
diff --git a/ryu/lib/snortlib.py b/ryu/lib/snortlib.py
index 2773585..8682d4b 100644
--- a/ryu/lib/snortlib.py
+++ b/ryu/lib/snortlib.py
@@ -47,13 +47,11 @@ class SnortLib(app_manager.RyuApp):
 
     def start_socket_server(self):
         if not self.config.get('unixsock'):
-            self.config['ip'] = hub.socket.gethostbyname(hub.socket.
-                                                         gethostname())
+
             if self.config.get('port') is None:
                 self.config['port'] = 51234
 
-            self._start_recv_nw_sock(self.config.get('ip'),
-                                     self.config.get('port'))
+            self._start_recv_nw_sock(self.config.get('port'))
         else:
             self._start_recv()
 
@@ -76,20 +74,21 @@ class SnortLib(app_manager.RyuApp):
         self.sock.bind(SOCKFILE)
         hub.spawn(self._recv_loop)
 
-    def _start_recv_nw_sock(self, ip, port):
+    def _start_recv_nw_sock(self, port):
 
         self.nwsock = hub.socket.socket(hub.socket.AF_INET,
                                         hub.socket.SOCK_STREAM)
-        self.nwsock.bind((ip, port))
+        self.nwsock.bind(('0.0.0.0', port))
         self.nwsock.listen(5)
-        self.conn, addr = self.nwsock.accept()
 
         hub.spawn(self._recv_loop_nw_sock)
 
     def _recv_loop_nw_sock(self):
         self.logger.info("Network socket server start listening...")
         while True:
-            data = self.conn.recv(BUFSIZE, hub.socket.MSG_WAITALL)
+            conn, addr = self.nwsock.accept()
+            self.logger.info("Connected with %s", addr[0])
+            data = conn.recv(BUFSIZE, hub.socket.MSG_WAITALL)
 
             if len(data) == BUFSIZE:
                 msg = alert.AlertPkt.parser(data)
-- 
2.1.0


------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Ryu-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ryu-devel

[Ryu-devel] [PATCH] Snort Integrate:

Reply via email to