add wsgi interface to deidtect core module, drop rule for outgoing traffic on bro interface

parent a3cc54dd
......@@ -9,6 +9,11 @@ from optparse import OptionParser
import requests, json
import idsSpinup as dIds
from subprocess import Popen, PIPE
import eventlet
from eventlet import wsgi
from cgi import parse_qs, escape
import thread
from routes import Mapper
'''
curl -v http://155.98.38.121:123/controllerhelper/del/test/100/1
......@@ -78,16 +83,90 @@ class deidtect:
ryuip = self.cfg['RYU_IP']
self.sendLocalCloudReq(cmd,name,switch,port,vlan,tunid,ryuip)
print "Sending tap rq to local enterprise controller"
self.sendLocalTapReq(cmd, switch,port,vlan,None);
#self.sendLocalTapReq(cmd, switch,port,vlan,None);
else:
#follow the order
print "Sending cloud req remote deidtect controller"
print "Sending tunnel setup req to WAN controller"
print "Sending tap rq to local enterprise controller"
'''
wsgi functions
'''
def sendOK(start_response):
start_response("200 OK", [('Content-type', 'text/plain')])
return ['OK']
def sendError(start_response):
start_response("404 Not Found", [('Content-type',
'text/plain')])
return ['Page not found']
def networkapp(environ, start_response):
cur_path = environ['PATH_INFO']
print mapper
print cur_path
result = mapper.match(cur_path)
if result is not None:
print result
print "called.. %s" % result['action']
return globals()[result['action']](result, start_response)
return sendError(start_response)
def start_deidtect_server(port):
'''
must be run on the server on port 120, as 100 is already taken by the
cloud controller.
deidtect core and deidtect cloud controller can run in same machine
servers the following requests.
1. Local tap user request - add
- The request is conveted to a Remote request depending upon the
configuration file if it doesn't have a local cloud IP it looks for
REMOTE_DEIDtect and WAN CONTROLLER to contact to, then it forwards
the request to remote deditect and setup the WAN tunnel.
2. Remote tap user request from other Deditect
- Don't create a tap in enterprise :) But still the switch and other
controller IP is required for whitelisting
- This spins up VM and creates a tunnel
* [REMOTE] The other DEIDtect should take care of the WAN SDN tunnel which is
* nothing but ext-node must have an helper serving the tunneling
* request :)
'''
serverip = socket.gethostbyname(socket.gethostname())
global mapper
mapper = Mapper()
route_name = 'deidtect'
print "Server : DEIDtect Core active.."
uri = '/deidtect/{site}/{cmd}/{idsname}/{switchdpid}/{port}/{vlanid}/{tunid}'
mapper.connect(route_name, uri, controller="home",
action='deidtectAction',
conditions=dict(method=['GET']))
wsgi.server(eventlet.listen((serverip, port)), networkapp)
print "Server : DEIDtect Core Stopped"
def deidtectAction(dic, start_response):
print "got deidtectAction request.."
print dic
site = dic.get('site',None)
cmd = dic.get('cmd',None)
idsname = dic.get('idsname',None)
switchdpid = dic.get('switchdpid',None)
port = dic.get('port',None)
vlanid = dic.get('vlanid',None)
tunid = dic.get('tunid',None)
return sendOK(start_response);
if __name__ == '__main__':
opts, args = parseOptions()
d = deidtect(opts.file);
d.sendReq(cmd="add")
global d;
start_deidtect_server(120);
#d.sendReq(cmd="add")
#d.sendReq(cmd="del")
......@@ -83,6 +83,12 @@ def computeOFlowInstall(dic, start_response):
print computeintflow
ovscmdlist.append(computeintflow)
print "install drop rule for outgoing traffic"
computedropoutflow = 'sudo ovs-ofctl add-flow br-int priority=3,in_port=%d,actions=' \
% (int(OVSPORTNUMBER))
print computedropoutflow
ovscmdlist.append(computedropoutflow)
print "Reconfiguring iptables for ids vm traffic"
iptable_allowall= "sudo iptables -A %s -p all -j RETURN" % VMCHAININPUT
......@@ -109,6 +115,11 @@ def computeOFlowInstall(dic, start_response):
print computeintflow
ovscmdlist.append(computeintflow)
computedropoutflow = 'sudo ovs-ofctl del-flows br-int in_port=%d' \
% (int(OVSPORTNUMBER))
print computedropoutflow
ovscmdlist.append(computedropoutflow)
for cmd in ovscmdlist:
p = Popen(cmd, shell=True, stdout=PIPE, stderr=PIPE)
out, err = p.communicate()
......@@ -138,7 +149,7 @@ def networkOFlowInstall(dic, start_response):
out, err = p.communicate()
greport=out.rstrip().replace(' ','')
networkexflow='sudo ovs-ofctl add-flow br-ex priority=3,dl_vlan=%d,actions=%d' \
networkexflow='sudo ovs-ofctl add-flow br-ex priority=3,dl_vlan=%d,actions=output:%d' \
% (int(vlanid), NET_OVS_BR_INT_PORT);
print networkexflow
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment