Question: Enhance the functionality of the firewall (below). The controller may no longer install default flows as soon as a new switch makes a connection, instead
Enhance the functionality of the firewall (below). The controller may no longer install default flows as soon as a new switch makes a connection; instead, the flows will be added (and removed) dynamically as network statistics change, i.e., as traffic increases or decreases. The new firewall is required to do all of the following:
1- Block a host at run time as soon as it has sent 10 packets
a. The host will be blocked for 5 seconds and then unblocked, allowing it to send more data if it wants, i.e., 10 more packets
from pox.core import core
import pox.openflow.libopenflow_01 as of
from pox.lib.revent import *
from pox.lib.util import dpidToStr
from pox.lib.addresses import EthAddr
from collections import namedtuple
import csv
import os
import datetime
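log = core.getLogger()

# Location of the block-list CSV, under the home directory of the user that
# launches POX. HOME is used when it is set (as before); otherwise fall back to
# os.path.expanduser("~") so the module can still be imported when the
# controller runs from an environment that does not export HOME.
# The firewall policy is whatever this file contains, so the file and the
# directories above it should be writable only by the controller's operator.
policyFile = "%s/pox/pox/misc/firewall-policies.csv" % (
    os.environ.get('HOME') or os.path.expanduser("~"))

# Parallel lists: entry i of each list forms one blocked (source MAC,
# destination MAC) pair. They are filled once by Firewall.__init__.
blockingListSrc = []
blockingListDst = []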
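class Firewall (EventMixin):
    """
    Static MAC-pair firewall for a POX controller.

    On construction the block list is read from ``policyFile``; every row
    supplies a ``mac_src`` / ``mac_dst`` pair. Each time a switch connects, one
    drop entry per pair is pushed to it. PacketIn events are answered with a
    hard-coded port 2 <-> port 3 forwarding flow (single,3 topology).

    Enforcement lives entirely in the drop entries on the switch:
    _handle_PacketIn does not consult the block list itself.
    """

    # Hard-coded forwarding for the single,3 topology: ingress port -> egress port.
    _PORT_MAP = {2: 3, 3: 2}

    def __init__ (self):
        """
        Subscribe to OpenFlow events and load the block list.

        The whole policy file is validated before any pair is published to the
        module-level lists. Without this, a malformed address would only fail
        later, inside _handle_ConnectionUp, part-way through installing the
        rules, leaving every pair after the bad row unenforced on that switch.

        Raises:
            ValueError: a row has an empty or missing mac_src / mac_dst.
            KeyError: the CSV header lacks a mac_src or mac_dst column.
            Whatever EthAddr raises for an address it cannot parse.
        """
        self.listenTo(core.openflow)
        log.info("Enabling Firewall Module")
        log.info("File: %s", policyFile)

        pairs = []
        with open(policyFile) as csvfile:
            reader = csv.DictReader(csvfile)
            for row in reader:
                src = row['mac_src']
                dst = row['mac_dst']
                # csv.DictReader fills the fields of a short row with None.
                if not src or not dst:
                    raise ValueError(
                        "%s line %d: mac_src and mac_dst are both required"
                        % (policyFile, reader.line_num))
                # Parse now, discard the result: the lists keep the original
                # strings, this only proves they are usable addresses.
                EthAddr(src)
                EthAddr(dst)
                pairs.append((src, dst))

        # Publish only after the complete file has passed validation.
        for src, dst in pairs:
            blockingListSrc.append(src)
            blockingListDst.append(dst)

    def _handle_ConnectionUp (self, event):
        """
        Install one drop entry per blocked MAC pair on the newly connected switch.

        The flow-mod carries a match but no actions, which is how an OpenFlow
        1.0 switch is told to drop matching packets. No timeout is set here.
        Each pair is matched in one direction only (source -> destination).
        """
        for src, dst in zip(blockingListSrc, blockingListDst):
            msg = of.ofp_flow_mod()             # new flow-mod message
            msg.match.dl_src = EthAddr(src)     # match on the source MAC
            msg.match.dl_dst = EthAddr(dst)     # match on the destination MAC
            # Forwarding flows from other modules (e.g. l2_learning.py) may need
            # a smaller priority than this one for the drop entry to win.
            # NOTE(review): the flows installed by _handle_PacketIn do not set
            # a priority -- confirm how they rank against 1000 on the target
            # switch before relying on this ordering.
            msg.priority = 1000
            # The switch installs the entry in its flow table on receipt.
            event.connection.send(msg)
            log.info("Blocked at Switch(%i)", event.dpid)
            log.info("%s -x-> %s", src, dst)

    # Hard-coded _handle_PacketIn for the single,3 topology.
    def _handle_PacketIn (self, event):
        """
        Forward traffic between ports 2 and 3 and cache the decision on the switch.

        For a packet that arrived on port 2 or 3, install a flow (hard timeout
        30 s) matching that packet and sending it out of the opposite port,
        then send the triggering packet out of the same port. Packets from any
        other port are only logged.

        The block list is not checked here; a blocked pair is stopped only
        while its drop entry is present on the switch.
        """
        log.info("S[%i] Port[%i]", event.dpid, event.port)
        packet = event.parsed
        packet_in = event.ofp

        out_port = self._PORT_MAP.get(event.port)
        if out_port is None:
            return

        flow = of.ofp_flow_mod()
        flow.hard_timeout = 30
        # The ingress port is part of the match built here, so the flow-mod
        # needs no separate in_port assignment.
        flow.match = of.ofp_match.from_packet(packet, event.port)
        # TODO (carried over from the original listing): include buffer_id.
        flow.actions.append(of.ofp_action_output(port = out_port))
        event.connection.send(flow)
        log.info("INSTALL %s-->%s", packet.src, packet.dst)

        # The packet that raised this event is still at the controller; send it
        # on explicitly so it is not lost while the flow is being installed.
        out = of.ofp_packet_out()
        out.in_port = event.port
        out.data = packet_in.data
        out.actions.append(of.ofp_action_output(port = out_port))
        event.connection.send(out)
        log.info("SEND Sending packet out port %i", out_port)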
def launch ():
    """Start the firewall module by registering Firewall with the POX core."""
    core.registerNew(Firewall)
