Network Security CS Assignment Writing | CS 6250 SDN Firewall with POX
You will find the following resources useful in completing this project. It is recommended that you review these resources before starting the project.
• IP Header – https://erg.abdn.ac.uk/users/gorry/course/inet-pages/ip-packet.html
• TCP Packet Header – https://en.wikipedia.org/wiki/Transmission_Control_Protocol
• UDP Packet Header – https://en.wikipedia.org/wiki/User_Datagram_Protocol
• The ICMP Protocol – https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
• POX Reference Manual – https://noxrepo.github.io/pox-doc/html/
• Flow Modification – https://noxrepo.github.io/pox-doc/html/#OpenFlow-messages
• Packet Matching – https://noxrepo.github.io/pox-doc/html/#match-structure
• Output Actions – https://noxrepo.github.io/pox-doc/html/#OpenFlow-actions
• IP Protocols – https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
• TCP and UDP Service and Port References – https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
• Wireshark – https://www.wireshark.org/docs/wsug_html/
• CIDR Calculator – https://account.arin.net/public/cidrCalculator
• CIDR – https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
Several YouTube videos have been posted concerning this project. These consist of the following:
o Broad Overview and Administration – https://youtu.be/zS86rZYIaGQ
o Wireshark Walkthrough – https://youtu.be/CR4226dHE5Y
o Implementation Walkthrough – https://youtu.be/LhbLETpM5-4
o Ruleset Walkthrough – https://youtu.be/dZ1ol7KEx0I
o Testing Overview – https://youtu.be/dj323mdA3sg
You are highly encouraged to watch these videos to see an overview of how the firewall works and for tips and tricks to successfully complete your implementation.
Unzip the SDNFirewall.zip file into your Virtual Machine. Do this by running the following command:
This will extract the files for this project into a directory named SDNFirewall at your current path. The following files will be extracted:
• cleanup.sh – this file is called using the following command line: ./cleanup.sh
This file will clean up the Mininet environment and kill all zombie Python and POX processes.
• configure.pol – this file is where you will supply the configuration to the firewall that specifies the traffic that should either be blocked or allowed (override blocks). The format of this file will be specified later in this document. This file is one of the deliverables that must be included in your ZIP submission to Canvas.
• sdn-firewall.py – this file implements the firewall using POX and OpenFlow functions. It receives a copy of the contents of the configure.pol file as a Python list containing a dictionary for each rule, and you will need to implement the code necessary to process these items into POX policies to create the firewall. This file is one of the deliverables that must be included in your ZIP submission to Canvas.
• sdn-topology.py – this file creates the Mininet topology used in this assignment. This is like what you created in the Simulating Networks project. When evaluating your code against the ruleset specified in this project, do not change it. However, you are encouraged to make your own topologies (and rules) to test the firewall. Look at the start-topology.sh file to see how to start a different topology.
• ws-topology.py – this file is substantially similar to sdn-topology.py, but it does not call the POX Controller. You will use this during the Wireshark exercise.
• setup-firewall.py – this file sets up the frameworks used in this project. DO NOT MODIFY THIS FILE. This file will create the appropriate POX framework and then integrate the rules implemented in sdn-firewall.py into the OpenFlow engine. It will also read in the values from the configure.pol file and validate that the entries are valid. If you make changes to this file, the autograder will likely have issues with your final code, as the autograder uses the unaltered distribution version of this file.
• start-firewall.sh – this is the shell script that starts the firewall. This file must be started before the topology is started. It will copy files to the appropriate directory and then start the POX OpenFlow controller. This file is called using the following command line: ./start-firewall.sh
• start-topology.sh – this is the shell script that starts the Mininet topology used in the assignment. All it does is call the sdn-topology.py file with superuser permissions. This file is called using the following command line: ./start-topology.sh
• test-client.py – this is a Python test client program used to test your firewall. This file is called using the following command line: python test-client.py PROTO SERVERIP PORT SOURCEPORT where PROTO is either T for TCP or U for UDP, SERVERIP is the IP address of the server (destination), PORT is the destination port, and optionally SOURCEPORT allows you to configure the source port that you are using. Example: python test-client.py T 10.0.1.1 80
• test-server.py – this is a Python test server program used to test your firewall. This file is called using the following command line: python test-server.py PROTO SERVERIP PORT where PROTO is either T for TCP or U for UDP, SERVERIP is the IP address of the server (the server you are running this script on), and PORT is the service port.
Example: python test-server.py T 10.0.1.1 80
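The configure.pol and sdn-firewall.py entries above describe a list of rule dictionaries in which an allow entry overrides a block. The following added example (not part of the project distribution) models that decision in plain Python so a ruleset can be checked before it is tested with test-client.py and test-server.py. The dictionary keys, the "-" wildcard, the sample addresses and the default of forwarding unmatched traffic are all assumptions, since the real configure.pol format is not shown on this page.

```python
import ipaddress

WILDCARD = "-"  # assumed "match anything" marker, not taken from the project

# Constructed sample ruleset; key names are hypothetical.
RULES = [
    {"action": "Block", "proto": 6, "src": "-", "dst": "10.0.1.0/24", "dport": "-"},
    {"action": "Allow", "proto": 6, "src": "10.0.0.5/32", "dst": "10.0.1.1/32", "dport": "80"},
    {"action": "Block", "proto": 17, "src": "-", "dst": "-", "dport": "53"},
]


def ip_matches(rule_value, addr):
    """True if addr falls inside the rule's CIDR block (or the rule is a wildcard)."""
    if rule_value == WILDCARD:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(rule_value, strict=False)


def port_matches(rule_value, port):
    """True if the rule's port equals the packet's port (or the rule is a wildcard)."""
    return rule_value == WILDCARD or int(rule_value) == port


def rule_matches(rule, pkt):
    """A rule matches only when every non-wildcard field agrees with the packet."""
    return (rule["proto"] == pkt["proto"]
            and ip_matches(rule["src"], pkt["src"])
            and ip_matches(rule["dst"], pkt["dst"])
            and port_matches(rule["dport"], pkt["dport"]))


def decide(rules, pkt):
    """Return 'allow' or 'block'.

    Any matching Allow rule overrides every matching Block rule.
    Traffic that matches no rule is forwarded (assumed default).
    """
    actions = {r["action"] for r in rules if rule_matches(r, pkt)}
    if "Allow" in actions:
        return "allow"
    return "block" if "Block" in actions else "allow"


def packet(proto, src, dst, dport):
    """Build the minimal header summary the evaluator needs (6 = TCP, 17 = UDP)."""
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}
```

Comparing `decide()` output with what test-client.py actually observes for the same protocol, address and port is a quick way to tell a ruleset mistake from an implementation mistake.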