brownsys / pane

Participatory Networking
http://pane.cs.brown.edu

Parse a general grammar for FlowGroups #21

Open adferguson opened 12 years ago

adferguson commented 12 years ago

There are two additional types we need to match on:

  1. End hosts (both sending host and receiving host)
  2. Conglomerate types: groups (sets of users), networks (sets of hosts), and applications (sets of ports)
    • I think this is as simple as keeping a data structure which is a registry of these sets and then having commands to add and remove members

arjunguha commented 12 years ago

We're talking about FlowGroups, right? Yes, we need to nail the FlowGroup grammar so you can start writing a paper.

adferguson commented 12 years ago

Correct. Do you have any suggestions? I tweaked the syntax this morning to support the permissions bits on allowing and denying flows.

I'll bring this up at the meeting tomorrow. Thanks for making the point that this will help us start this aspect of the paper writing sooner.

adferguson commented 12 years ago

Update ....

app=http means: (FlowGroup dstPort = 80, transport = tcp) OR (FlowGroup srcPort = 80, transport = tcp)

user=adf means: (FlowGroup srcEth = "adf's MAC") OR (FlowGroup dstEth = "adf's MAC")

net=customer means: (FlowGroup srcIP = "customer netblock") OR (FlowGroup dstIP = "customer netblock")

where netblock is a CIDR-type subnet.

PANE will have a database which matches and resolves these aliases. The same database will also contain important state such as: list of users, persisting the share tree, etc.
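
An added example, not part of the thread and not PANE's code: a minimal alias registry that expands `app=`, `user=` and `net=` aliases into the source-side OR destination-side FlowGroups described above, with add and remove commands for set members. The class and function names, the dict representation of a FlowGroup, and the sample MAC and netblock are assumptions made for illustration.

```python
import ipaddress

def matches(fg, pkt):
    """fg: dict of constrained header fields (a FlowGroup); absent fields are wildcards."""
    for field, want in fg.items():
        have = pkt.get(field)
        if have is not None and field in ("srcIP", "dstIP"):
            ok = ipaddress.ip_address(have) in ipaddress.ip_network(want)
        else:
            ok = have == want
        if not ok:
            return False
    return True

# How one member of each alias kind becomes a (source-side, destination-side) pair.
EXPAND = {
    "app": lambda m: ({"srcPort": m[0], "transport": m[1]},
                      {"dstPort": m[0], "transport": m[1]}),
    "user": lambda m: ({"srcEth": m}, {"dstEth": m}),
    "net": lambda m: ({"srcIP": m}, {"dstIP": m}),
}

class AliasRegistry:
    def __init__(self):
        self._sets = {}  # (kind, name) -> set of members

    def add(self, kind, name, member):
        if kind == "net":
            member = str(ipaddress.ip_network(member))  # ValueError on a malformed netblock
        self._sets.setdefault((kind, name), set()).add(member)

    def remove(self, kind, name, member):
        self._sets[(kind, name)].discard(member)

    def resolve(self, alias):
        kind, name = alias.split("=", 1)
        # KeyError on an unknown alias, so a mistyped name in a deny rule is not silently empty.
        return [fg for m in sorted(self._sets[(kind, name)]) for fg in EXPAND[kind](m)]

def alias_matches(reg, alias, pkt):
    return any(matches(fg, pkt) for fg in reg.resolve(alias))

def demo_registry():
    """Constructed sample data (documentation MAC and TEST-NET-3 range), not PANE's."""
    reg = AliasRegistry()
    reg.add("app", "http", (80, "tcp"))
    reg.add("user", "adf", "00:00:5e:00:53:01")
    reg.add("net", "customer", "203.0.113.0/24")
    return reg
```
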