Closed lorenzomonta closed 3 years ago
My OpenFlow is rusty, but I think the core of it should be something like this...
import libopenflow_01 as of
# Add rule that drops
msg = of.ofp_flow_mod()
msg.match.in_port = BLOCK_PORT
core.openflow.sendToDPID(BLOCK_DPID, msg)
# Remove rule that drops
msg = of.ofp_flow_mod(command = of.OFPFC_DELETE_STRICT)
msg.match.in_port = BLOCK_PORT
core.openflow.sendToDPID(BLOCK_DPID, msg)
My OpenFlow is rusty, but I think the core of it should be something like this...
import libopenflow_01 as of # Add rule that drops msg = of.ofp_flow_mod() msg.match.in_port = BLOCK_PORT core.openflow.sendToDPID(BLOCK_DPID, msg) # Remove rule that drops msg = of.ofp_flow_mod(command = of.OFPFC_DELETE_STRICT) msg.match.in_port = BLOCK_PORT core.openflow.sendToDPID(BLOCK_DPID, msg)
Thank you very very much!! It works fine! Where I can read some documentation about Openflow using Python with some example?
Thanks a lot!
A few possibilities:
Good luck!
Thank you very much, you have been very helpful! Thank you very much!
I am writing code to mitigate DDoS attacks. I can currently identify the switch ports for all switches from which DoS attacks originate. I can't figure out how I can, given the port and dpid of the switch, instruct the switch to drop all packages coming only from the affected port. So maybe I could use update the switch's flow table? but how I could that? Finally, when the DDoS attack is over, how can I remove that rule? Can you help me? Thanks!