I am trying to create a honeypot using Mininet and a POX controller. What I want to achieve is that whenever a particular host pings a specific network, instead of forwarding the packet to the actual host, the switch should rewrite its destination to the IP address of the host acting as our honeypot.
I'm quite confused about how to implement this with the ofp_flow_mod() method, and about which switch should actually apply it. Any code examples that point me in the right direction would be really helpful.
I've included the topology diagram below to illustrate a clear understanding: Mininet Topology
I've created a Mininet Topology using the following code:
from mininet.net import Mininet
from mininet.node import RemoteController
from mininet.cli import CLI
from mininet.log import setLogLevel, info
setLogLevel('info')

info('\n*** Initialize Mininet\n')
net = Mininet()

info('*** Adding controller\n')
# The POX controller runs on a separate machine; Mininet only needs its address and port.
net.addController(name='c0', controller=RemoteController, ip='192.168.56.101', port=6633)

info('*** Adding hosts\n')
# Three IP groups, one per switch: 10.0.1.x on s1, 10.0.2.x on s2, 10.0.3.x on s3.
h1 = net.addHost('h1', ip='10.0.1.1')
h2 = net.addHost('h2', ip='10.0.1.2')
h3 = net.addHost('h3', ip='10.0.2.1')
h4 = net.addHost('h4', ip='10.0.2.2')
h5 = net.addHost('h5', ip='10.0.2.3')
h6 = net.addHost('h6', ip='10.0.2.4')
h7 = net.addHost('h7', ip='10.0.3.1')
h8 = net.addHost('h8', ip='10.0.3.2')

info('*** Adding switches\n')
s1, s2, s3 = (net.addSwitch(name) for name in ('s1', 's2', 's3'))

info('*** Creating links\n')
# Link order is kept exactly as before: inter-switch links first, then each host
# to its access switch. Mininet numbers switch ports in creation order, so
# reordering this list would change the port numbers the controller sees.
links = (
    (s1, s2), (s2, s3),
    (s1, h1), (s1, h2),
    (s2, h3), (s2, h4), (s2, h5), (s2, h6),
    (s3, h7), (s3, h8),
)
for endpoint_a, endpoint_b in links:
    net.addLink(endpoint_a, endpoint_b)

info('*** Starting network\n')
net.start()

info('*** Running CLI\n')
CLI(net)

info('*** Stopping network')
net.stop()
This topology is successfully connected with POX.
The goal here is that whenever h1 (10.0.1.1) or h2 (10.0.1.2) pings any hosts connected to switch2, the packets should be redirected from switch 2 directly to switch 3 with a modified IP address and vice-versa.
I've tried to implement the following code in POX, but it doesn't seem to get me anywhere.
from pox.core import core
from pox.lib.addresses import IPAddr
import pox.openflow.libopenflow_01 as of
from pox.lib.revent import *
from pox.lib.util import dpid_to_str
from pox.lib.packet.ethernet import ethernet
from pox.lib.packet.ipv4 import ipv4
from pox.lib.addresses import IPAddr, EthAddr
# Component logger used by the handlers below.
log = core.getLogger()
# creating a component which triggers when a request from a switch 1 device is sent to a switch 2 device
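class SDNHoneyPot(EventMixin):
    """POX component that intercepts ICMP between the untrusted host and the datacenter host on s2.

    When s2 (dpid 2) reports an IPv4 packet exchanged between 10.0.1.1 and
    10.0.2.1, two dedicated ICMP flow entries are installed for that pair.
    Every other packet is flooded with a one-off packet_out, so no permanent
    catch-all entry is created and the controller keeps receiving PacketIn
    events from the switch.
    """

    # Switch on which the intercept rules are installed (s2 in the topology).
    INTERCEPT_DPID = 2
    # The host pair whose ICMP exchange is intercepted.
    UNTRUSTED_IP = IPAddr("10.0.1.1")    # h1, the untrusted side
    DATACENTER_IP = IPAddr("10.0.2.1")   # h3, the datacenter side

    def __init__(self):
        self.listenTo(core.openflow)

    def _install_icmp_rule(self, connection, nw_src, nw_dst):
        """Install a priority-10 ICMP flow entry for nw_src -> nw_dst on *connection*.

        The entry carries no actions, which in OpenFlow 1.0 means the matched
        packets are dropped. Redirecting to the honeypot instead would add an
        of.ofp_action_nw_addr.set_dst(<honeypot ip placeholder>) followed by an
        of.ofp_action_output toward s3 to this entry; that is not done here.
        """
        msg = of.ofp_flow_mod()
        msg.priority = 10
        msg.match.dl_type = 0x0800   # IPv4
        msg.match.nw_proto = 1       # ICMP
        msg.match.nw_src = nw_src
        msg.match.nw_dst = nw_dst
        connection.send(msg)

    def _handle_PacketIn(self, event):
        """Handle a PacketIn: install the intercept rules for the watched pair, else flood once.

        Args:
            event: POX PacketIn event; ``event.parsed`` is the decoded packet,
                ``event.ofp`` the raw ofp_packet_in, ``event.dpid`` the switch id.
        """
        packet = event.parsed
        if not packet.parsed:
            log.warning("Ignoring incomplete packet")
            return
        packet_in = event.ofp

        # The isinstance check must guard BOTH directions: a non-IPv4 payload
        # (e.g. ARP) has no srcip/dstip, so reading them would raise.
        ip = packet.next
        is_watched_pair = (
            event.dpid == self.INTERCEPT_DPID
            and isinstance(ip, ipv4)
            and (
                (ip.srcip == self.UNTRUSTED_IP and ip.dstip == self.DATACENTER_IP)
                or (ip.srcip == self.DATACENTER_IP and ip.dstip == self.UNTRUSTED_IP)
            )
        )

        if is_watched_pair:
            # Both directions of the pair get their own entry; the triggering
            # packet itself is not forwarded.
            self._install_icmp_rule(event.connection, self.UNTRUSTED_IP, self.DATACENTER_IP)
            self._install_icmp_rule(event.connection, self.DATACENTER_IP, self.UNTRUSTED_IP)
            return

        # Flood only this one packet. An ofp_flow_mod with an empty match here
        # would install a match-everything entry at the default priority
        # (0x8000), which outranks the priority-10 rules above and, once in
        # place, keeps later packets from reaching the controller at all.
        msg = of.ofp_packet_out()
        msg.data = packet_in
        msg.actions.append(of.ofp_action_output(port=of.OFPP_FLOOD))
        event.connection.send(msg)

    def _handle_ConnectionUp(self, event):
        """Log each switch that connects to the controller."""
        log.debug("Switch %s has come up.", dpid_to_str(event.dpid))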
# registering the event to the core component
def launch():
    """POX entry point: register a single SDNHoneyPot component with the core."""
    core.registerNew(SDNHoneyPot)
Since I have no idea how to redirect these packets, I'm currently trying to block them from being forwarded by installing flow entries with no actions, but that does not seem to work either.