Hi to everyone,
I'm currently work on my thesis, and I modified the simple_switch_13 program to
simulate a DoS attack, and after with help of a Finite State Machine, avoid
them.
To implement the simulation of a DoS attack, I used the following algorithm:
Each time the controller sends the PktOut message, it sends k (k = 3).
To prevent this attack (i.e. the switch must pass only the first packetOut and
do not run duplicates) I implemented a state machine with the following
algorithm:
- state 0: default, switch no received packet yet
- state 1: switch received 1 PacketOut
- the transaction 0->1 is performed when switch received PacketOut msg
- IF(RECEIVE PACKETOUT) (i.e match =
parser.OFPMatch(in_port=ofproto.OFPP_CONTROLLER, state=0)
change state and forward to mirror port 3.
- If switch received another PacktOut, it remains in state 1 but now drop this
packet
- I return to state 0 (DEFAULT)
----- code---
match = ofparser.OFPMatch(in_port=ofproto.OFPP_CONTROLLER, state=0)
mirror_port = 3
print match
actions = [osparser.OFPExpActionSetState(state=1, table_id=0),
ofparser.OFPActionOutput(mirror_port)]
self.add_flow(datapath,1, match, actions)
match = ofparser.OFPMatch(in_port=ofproto.OFPP_CONTROLLER, state=1)
print match
actions = [osparser.OFPExpActionSetState(state=1, table_id=0)]
self.add_flow(datapath,1, match, actions)
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Ryu-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ryu-devel
