core_st

Pox/Pyretic firewall

Jul 24th, 2013
  1. '''
  2.    Coursera:
  3.    - Software Defined Networking (SDN) course
  4.    -- Module 6 Programming Assignment
  5.    
  6.    Professor: Nick Feamster
  7.    Teaching Assistant: Muhammad Shahbaz
  8. '''
  9.  
  10. ################################################################################
  11. # The Pyretic Project                                                          #
  12. # frenetic-lang.org/pyretic                                                    #
  13. # author: Joshua Reich (jreich@cs.princeton.edu)                               #
  14. ################################################################################
  15. # Licensed to the Pyretic Project by one or more contributors. See the         #
  16. # NOTICES file distributed with this work for additional information           #
  17. # regarding copyright and ownership. The Pyretic Project licenses this         #
  18. # file to you under the following license.                                     #
  19. #                                                                              #
  20. # Redistribution and use in source and binary forms, with or without           #
  21. # modification, are permitted provided the following conditions are met:       #
  22. # - Redistributions of source code must retain the above copyright             #
  23. #   notice, this list of conditions and the following disclaimer.              #
  24. # - Redistributions in binary form must reproduce the above copyright          #
  25. #   notice, this list of conditions and the following disclaimer in            #
  26. #   the documentation or other materials provided with the distribution.       #
  27. # - The names of the copyright holds and contributors may not be used to       #
  28. #   endorse or promote products derived from this work without specific        #
  29. #   prior written permission.                                                  #
  30. #                                                                              #
  31. # Unless required by applicable law or agreed to in writing, software          #
  32. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT    #
  33. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the     #
  34. # LICENSE file distributed with this work for specific language governing      #
  35. # permissions and limitations under the License.                               #
  36. ################################################################################
  37.  
  38. from pyretic.lib.corelib import *
  39. from pyretic.lib.std import *
  40.  
  41. # insert the name of the module and policy you want to import
  42. from pox.lib.addresses import EthAddr
  43. import os
  44. import csv
  45. from pyretic.modules.mac_learner import mac_learner as act_like_switch
  46.  
# Location of the firewall rule list, resolved against the HOME of the user
# running the controller; a KeyError here means HOME is not set.
policy_file = os.environ['HOME'] + "/pyretic/pyretic/examples/firewall-policies.csv"
  48.  
  49.  
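def main():
    """Build the firewall policy: block the listed MAC pairs, switch the rest.

    Reads ``policy_file``, a CSV whose first line is a header and whose
    remaining lines each hold three columns: a leading column that is
    ignored, followed by two MAC addresses. Traffic between the two
    addresses is blocked in both directions; everything else is handed to
    the MAC-learning switch.

    This is a deny-list: a file with no rule rows blocks nothing, so every
    packet reaches ``act_like_switch``.

    Returns:
        The composed Pyretic policy ``allowed >> act_like_switch()``.

    Raises:
        ValueError: if a rule row does not have exactly three columns or
            has an empty MAC field. The loader stops rather than skipping
            the row, because a silently dropped rule would leave that pair
            unblocked.
    """
    blocked_pairs = []

    # NOTE(review): 'rb' is the mode the csv module expects under Python 2,
    # which this Pyretic code appears to target; confirm before porting.
    with open(policy_file, 'rb') as f:
        reader = csv.reader(f)
        # Consume the header through the reader itself instead of calling
        # f.readline() behind its back, so line numbers stay accurate.
        next(reader, None)
        for row in reader:
            if not row:
                # A blank line carries no rule; the original crashed here
                # with IndexError on row.pop(0).
                continue
            if len(row) != 3:
                raise ValueError(
                    "%s line %d: expected 3 columns, got %r"
                    % (policy_file, reader.line_num, row))
            # Trim stray spaces so they do not reach MAC().
            src, dst = row[1].strip(), row[2].strip()
            if not src or not dst:
                raise ValueError(
                    "%s line %d: empty MAC address in %r"
                    % (policy_file, reader.line_num, row))
            blocked_pairs.append((src, dst))

    # start with a policy that doesn't match any packets
    not_allowed = none
    # and add traffic that isn't allowed, in both directions per pair
    for src, dst in blocked_pairs:
        direction1 = match(srcmac=MAC(src), dstmac=MAC(dst))
        direction2 = match(srcmac=MAC(dst), dstmac=MAC(src))
        not_allowed = not_allowed + direction1 + direction2

    # allowed traffic is everything the deny-list does not match
    allowed = ~not_allowed

    # and only send allowed traffic to the mac learning (act_like_switch) logic
    return allowed >> act_like_switch()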