
I am trying to block TCP packets of a specific user/session after some threshold is reached. Currently I am able to write a script that drops TCP packets.

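    @set_ev_cls(ofp_event.EventOFPSwitchFeatures, CONFIG_DISPATCHER)
    def switch_features_handler(self, ev):
        # The datapath and its parser come from the switch-features event.
        datapath = ev.msg.datapath
        parser = datapath.ofproto_parser
        tcp_match = self.drop_tcp_packets_to_specfic_ip(parser)
        # add_flow_for_clear is the app's own helper (not shown here).
        self.add_flow_for_clear(datapath, 2, tcp_match)

    def drop_tcp_packets_to_specfic_ip(self, parser):
        # Match TCP (ip_proto=6) over IPv4 (eth_type=0x0800) from conpot_ip.
        tcp_match = parser.OFPMatch(eth_type=0x0800, ip_proto=6, ipv4_src=conpot_ip)
        return tcp_match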

Thanks.

Infinity

1 Answer


You need to set a rule to match the packet flow. After that, you need to create a loop to get statistics about this rule. Finally, you read each statistic and verify the number of packets. So, if the number of packets reaches your threshold, you send the rule to block packets.

  • Can you add a bit more detail? I am new to the Ryu controller. – Infinity Mar 20 '20 at 09:38
  • First, you need to learn about the OpenFlow structure (rules, statistics, flow table, match). Second, learn about the architecture of Ryu. The documentation of Ryu is very helpful: https://ryu.readthedocs.io/en/latest/ofproto_v1_3_ref.html When you create rules, you can monitor them using the function OFPFlowStatsRequest. You can send this request; then your controller will receive the stats of the rule. With these stats you can make decisions, for example drop packets. – Marcos Felipe Mar 21 '20 at 01:03
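
The three steps from the answer (a counting rule, a periodic OFPFlowStatsRequest, a drop rule once the threshold is reached), as an added example that is not code from the question or the answer. It uses the OpenFlow 1.3 parser that Ryu exposes as `datapath.ofproto_parser`; `COUNT_COOKIE`, `THRESHOLD`, `DROP_PRIORITY` and the function names are assumptions of this example.

```python
# Constants and function names here are assumptions made for this example.
COUNT_COOKIE = 0x1001   # tags counting rules so their stats can be selected
THRESHOLD = 1000        # packets allowed per source before it is blocked
DROP_PRIORITY = 20      # must be higher than the counting rule's priority
blocked = set()         # (datapath id, source IP) pairs already blocked


def tcp_from(parser, src_ip):
    """Match TCP over IPv4 from one source address."""
    return parser.OFPMatch(eth_type=0x0800, ip_proto=6, ipv4_src=src_ip)


def install_counter(datapath, src_ip, actions, priority=10):
    """Step 1: forward the traffic through a rule whose packets get counted."""
    ofp, parser = datapath.ofproto, datapath.ofproto_parser
    inst = [parser.OFPInstructionActions(ofp.OFPIT_APPLY_ACTIONS, actions)]
    datapath.send_msg(parser.OFPFlowMod(
        datapath=datapath, cookie=COUNT_COOKIE, priority=priority,
        match=tcp_from(parser, src_ip), instructions=inst))


def request_counters(datapath):
    """Step 2: request stats for COUNT_COOKIE flows only. Call it periodically,
    e.g. from a hub.spawn() loop that sleeps with hub.sleep()."""
    ofp, parser = datapath.ofproto, datapath.ofproto_parser
    datapath.send_msg(parser.OFPFlowStatsRequest(
        datapath, 0, ofp.OFPTT_ALL, ofp.OFPP_ANY, ofp.OFPG_ANY,
        COUNT_COOKIE, 0xFFFFFFFFFFFFFFFF, parser.OFPMatch()))


def on_flow_stats(datapath, body, threshold=THRESHOLD):
    """Step 3: call from the EventOFPFlowStatsReply handler with ev.msg.body.
    Returns the source addresses blocked by this call."""
    parser = datapath.ofproto_parser
    newly_blocked = []
    for stat in body:
        if stat.cookie != COUNT_COOKIE or stat.packet_count < threshold:
            continue
        src_ip = stat.match['ipv4_src']
        if (datapath.id, src_ip) in blocked:
            continue
        # A flow entry with no instructions drops every packet it matches.
        datapath.send_msg(parser.OFPFlowMod(
            datapath=datapath, priority=DROP_PRIORITY,
            match=tcp_from(parser, src_ip), instructions=[]))
        blocked.add((datapath.id, src_ip))
        newly_blocked.append(src_ip)
    return newly_blocked
```

`packet_count` is cumulative since the counting rule was installed, so this enforces a total per source rather than a rate.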