seungsoo-lee / DELTA

PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK

Testbed, host agent: NoRouteToHostException #5

Open thkreutz opened 5 years ago

thkreutz commented 5 years ago

In the testbed, the host agent somehow cannot connect to the AgentManager within Mininet. I am running the control message drop attack. When executing the following in Mininet:

    java -jar $HOME/delta-agent-host-1.0-SNAPSHOT.jar 10.0.3.1 3366

the following error occurs:

    java.net.NoRouteToHostException: No route to host (Host unreachable)

Full output of host agent

=================================================================================
*** errRun: ['grep', '-c', 'processor', '/proc/cpuinfo'] 
2
  0*** Setting resource limits
*** Error setting resource limits. Mininet's performance may be affected.
*** errRun: ['which', 'ovs-vsctl'] 
/usr/bin/ovs-vsctl
  0*** errRun: ['ovs-vsctl', '-t', '1', 'show'] 
32ca5b0c-8d67-42be-b376-e712d4a8de8f
    ovs_version: "2.5.4"
  0*** errRun: ['ovs-vsctl', '--version'] 
ovs-vsctl (Open vSwitch) 2.5.4
Compiled Sep  3 2017 22:56:32
DB Schema 7.12.1
  0*** s0 : ('unset HISTFILE; stty -echo; set +m',)
unset HISTFILE; stty -echo; set +m

added intf lo (0) to node s0
*** s0 : ('ifconfig', 'lo', 'up')
*** s1 : ('unset HISTFILE; stty -echo; set +m',)
unset HISTFILE; stty -echo; set +m

added intf lo (0) to node s1
*** s1 : ('ifconfig', 'lo', 'up')
*** s2 : ('unset HISTFILE; stty -echo; set +m',)
unset HISTFILE; stty -echo; set +m

added intf lo (0) to node s2
*** s2 : ('ifconfig', 'lo', 'up')
*** s3 : ('unset HISTFILE; stty -echo; set +m',)
unset HISTFILE; stty -echo; set +m

added intf lo (0) to node s3
*** s3 : ('ifconfig', 'lo', 'up')
*** errRun: ['which', 'mnexec'] 
/usr/bin/mnexec
  0*** errRun: ['which', 'ifconfig'] 
/sbin/ifconfig
  0*** h1 : ('unset HISTFILE; stty -echo; set +m',)
unset HISTFILE; stty -echo; set +m
*** h2 : ('unset HISTFILE; stty -echo; set +m',)
unset HISTFILE; stty -echo; set +m
*** s0 : ('ip link add name s0-eth1 address 5e:a5:c5:d7:3e:85 type veth peer name h1-eth0 address 76:79:27:c7:9d:9b netns 2132',)

added intf s0-eth1 (1) to node s0
*** s0 : ('ifconfig', 's0-eth1', 'up')

added intf h1-eth0 (0) to node h1
moving h1-eth0 into namespace for h1 
*** h1 : ('ifconfig', 'h1-eth0', 'up')
*** s2 : ('ip link add name s2-eth1 address c6:11:0e:e0:c1:2d type veth peer name h2-eth0 address 1e:ad:ff:c8:79:24 netns 2134',)

added intf s2-eth1 (1) to node s2
*** s2 : ('ifconfig', 's2-eth1', 'up')

added intf h2-eth0 (0) to node h2
moving h2-eth0 into namespace for h2 
*** h2 : ('ifconfig', 'h2-eth0', 'up')
*** s0 : ('ip link add name s0-eth2 address 9a:26:4f:13:d8:c5 type veth peer name s1-eth1 address 0a:bd:56:25:d4:f5 netns 2121',)

added intf s0-eth2 (2) to node s0
*** s0 : ('ifconfig', 's0-eth2', 'up')

added intf s1-eth1 (1) to node s1
*** s1 : ('ifconfig', 's1-eth1', 'up')
*** s1 : ('ip link add name s1-eth2 address 7a:f2:ce:17:f1:a6 type veth peer name s2-eth2 address ee:cf:1b:0d:1f:af netns 2124',)

added intf s1-eth2 (2) to node s1
*** s1 : ('ifconfig', 's1-eth2', 'up')

added intf s2-eth2 (2) to node s2
*** s2 : ('ifconfig', 's2-eth2', 'up')
*** s3 : ('ip link add name s3-eth1 address 76:69:a3:3d:97:50 type veth peer name host-eth address da:52:a2:33:10:b0 netns 2132',)

added intf s3-eth1 (1) to node s3
*** s3 : ('ifconfig', 's3-eth1', 'up')

added intf host-eth (1) to node h1
moving host-eth into namespace for h1 
*** h1 : ('ifconfig', 'host-eth', 'up')
*** errRun: ['which', 'mnexec'] 
/usr/bin/mnexec
  0*** errRun: ['which', 'ifconfig'] 
/sbin/ifconfig
  0*** root : ('unset HISTFILE; stty -echo; set +m',)
unset HISTFILE; stty -echo; set +m
*** root : ('ip link add name root-eth0 address e6:2f:75:73:1e:c6 type veth peer name s3-eth2 address a6:52:8a:19:d7:f5 netns 2127',)

added intf root-eth0 (0) to node root
*** root : ('ifconfig', 'root-eth0', 'up')

added intf s3-eth2 (2) to node s3
*** s3 : ('ifconfig', 's3-eth2', 'up')
*** root : ('ifconfig', 'root-eth0', '10.0.1.1/8')
*** Configuring hosts
h1 *** h1 : ('ifconfig', 'h1-eth0', 'down')
*** h1 : ('ifconfig', 'h1-eth0', 'hw', 'ether', '00:00:00:00:00:11')
*** h1 : ('ifconfig', 'h1-eth0', 'up')
*** h1 : ('ifconfig', 'h1-eth0', '10.0.0.1/24', 'up')
*** h1 : ('ifconfig lo up',)
h2 *** h2 : ('ifconfig', 'h2-eth0', 'down')
*** h2 : ('ifconfig', 'h2-eth0', 'hw', 'ether', '00:00:00:00:00:22')
*** h2 : ('ifconfig', 'h2-eth0', 'up')
*** h2 : ('ifconfig', 'h2-eth0', '10.0.0.2/24', 'up')
*** h2 : ('ifconfig lo up',)

*** Starting controller

*** Starting 4 switches
s0 *** s0 : ('ovs-vsctl', ' -- --if-exists del-br s0 -- add-br s0 -- set bridge s0 controller=[] other_config:datapath-id=0000000000000001 fail_mode=secure other-config:disable-in-band=true protocols=OpenFlow13 other-config:dp-desc=s0 -- add-port s0 s0-eth1 -- set Interface s0-eth1 ofport_request=1 -- add-port s0 s0-eth2 -- set Interface s0-eth2 ofport_request=2')
ovs-vsctl: Error detected while setting up 's0', 's0-eth1', 's0-eth2'.  See ovs-vswitchd log for details.
s1 *** s1 : ('ovs-vsctl', ' -- --if-exists del-br s1 -- add-br s1 -- set bridge s1 controller=[] other_config:datapath-id=0000000000000002 fail_mode=secure other-config:disable-in-band=true protocols=OpenFlow13 other-config:dp-desc=s1 -- add-port s1 s1-eth1 -- set Interface s1-eth1 ofport_request=1 -- add-port s1 s1-eth2 -- set Interface s1-eth2 ofport_request=2')
ovs-vsctl: Error detected while setting up 's1', 's1-eth1', 's1-eth2'.  See ovs-vswitchd log for details.
s2 *** s2 : ('ovs-vsctl', ' -- --if-exists del-br s2 -- add-br s2 -- set bridge s2 controller=[] other_config:datapath-id=0000000000000003 fail_mode=secure other-config:disable-in-band=true protocols=OpenFlow13 other-config:dp-desc=s2 -- add-port s2 s2-eth1 -- set Interface s2-eth1 ofport_request=1 -- add-port s2 s2-eth2 -- set Interface s2-eth2 ofport_request=2')
ovs-vsctl: Error detected while setting up 's2', 's2-eth1', 's2-eth2'.  See ovs-vswitchd log for details.
s3 *** s3 : ('ovs-vsctl', ' -- --if-exists del-br s3 -- add-br s3 -- set bridge s3 controller=[] other_config:datapath-id=0000000000000004 fail_mode=secure other-config:disable-in-band=true protocols=OpenFlow13 other-config:dp-desc=s3 -- add-port s3 s3-eth1 -- set Interface s3-eth1 ofport_request=1 -- add-port s3 s3-eth2 -- set Interface s3-eth2 ofport_request=2')
ovs-vsctl: Error detected while setting up 's3', 's3-eth1', 's3-eth2'.  See ovs-vswitchd log for details.
...*** errRun: ovs-vsctl 
 ovs-vsctl: missing command name (use --help for help)
 1
*** root : ('route add -net 10.0.1.0/24 dev root-eth0',)
*** h1 : ('ifconfig host-eth 10.0.1.2/24 netmask 255.255.255.0',)
*** h1 : ('route add -net 10.0.3.0/24 dev host-eth',)
*** h1 : ('route add -net 10.0.3.0/24 gw 10.0.3.13 dev host-eth',)
ovs-ofctl: s3 is not a bridge or a socket
ovs-ofctl: s3 is not a bridge or a socket
*** h1 : ('java -jar $HOME/delta-agent-host-1.0-SNAPSHOT.jar 10.0.3.1 3366',)
10.0.3.1 3366
java.net.NoRouteToHostException: No route to host (Host unreachable)
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at java.net.Socket.connect(Socket.java:538)
    at java.net.Socket.<init>(Socket.java:434)
    at java.net.Socket.<init>(Socket.java:211)
    at org.deltaproject.hostagent.Interface.connectAgentManager(Interface.java:82)
    at org.deltaproject.hostagent.Main.main(Main.java:11)
java.lang.NullPointerException
    at org.deltaproject.hostagent.Interface.run(Interface.java:118)
*** Starting CLI:

I verified that the agent manager is listening on port 3366, which is true. netstat -tulpn | grep LISTEN gives:

tcp        0      0 10.0.3.1:53             0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -               
tcp6       0      0 :::22                   :::*                    LISTEN      -               
tcp6       0      0 ::1:631                 :::*                    LISTEN      -               
tcp6       0      0 :::7070                 :::*                    LISTEN      11615/java      
tcp6       0      0 :::3366                 :::*                    LISTEN

In addition, it is possible to connect from the DELTA_CP container to 10.0.3.1:3366 with nc -zv 10.0.3.1 3366.

What might be the issue here? I also verified in the source code that it gets the right parameters.
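
Added example, not part of the original issue or of the DELTA project: a Python triage helper for Mininet debug output like the log above. It ties the agent's connection exception to the route used for the target address and to any Open vSwitch setup errors on that path. The function name, the regex patterns, and the seven-line sample (copied from the log above) are assumptions made for illustration.

```python
import ipaddress
import re

# Patterns are assumptions derived from the message formats in the log above.
VETH = re.compile(r"ip link add name (\S+) .*? peer name (\S+) ")
ROUTE = re.compile(r"^\*\*\* (\w+) : \('route add -net (\S+) (?:gw \S+ )?dev ([\w-]+)',\)")
OVS_FAIL = re.compile(r"^ovs-vsctl: Error detected while setting up (.+?)\.\s")
NOT_BRIDGE = re.compile(r"^ovs-ofctl: (\S+) is not a bridge or a socket")
JAVA_EXC = re.compile(r"^(java\.[\w.]+Exception)\b")

# Constructed sample: seven lines copied from the host agent output above.
SAMPLE_LOG = """\
*** s3 : ('ip link add name s3-eth1 address 76:69:a3:3d:97:50 type veth peer name host-eth address da:52:a2:33:10:b0 netns 2132',)
ovs-vsctl: Error detected while setting up 's3', 's3-eth1', 's3-eth2'.  See ovs-vswitchd log for details.
*** root : ('route add -net 10.0.1.0/24 dev root-eth0',)
*** h1 : ('route add -net 10.0.3.0/24 dev host-eth',)
*** h1 : ('route add -net 10.0.3.0/24 gw 10.0.3.13 dev host-eth',)
ovs-ofctl: s3 is not a bridge or a socket
java.net.NoRouteToHostException: No route to host (Host unreachable)
"""


def triage(log_text, target_ip):
    """Correlate a connection failure with earlier setup errors on its path."""
    peers, routes, failed, exceptions = {}, [], set(), []
    for line in log_text.splitlines():
        line = line.strip()
        if m := VETH.search(line):
            a, b = m.groups()
            peers[a], peers[b] = b, a          # record both ends of the veth pair
        elif m := ROUTE.match(line):
            routes.append((m.group(1), ipaddress.ip_network(m.group(2)), m.group(3)))
        elif m := OVS_FAIL.match(line):
            failed.update(re.findall(r"'([^']+)'", m.group(1)))
        elif m := NOT_BRIDGE.match(line):
            failed.add(m.group(1))
        elif m := JAVA_EXC.match(line):
            exceptions.append(m.group(1))
    target = ipaddress.ip_address(target_ip)
    path = []
    for node, net, dev in routes:
        port = peers.get(dev)
        hop = {"node": node, "dev": dev, "peer_port": port, "peer_failed": port in failed}
        if target in net and hop not in path:   # skip duplicate route commands
            path.append(hop)
    return {"exceptions": exceptions, "failed": sorted(failed), "path": path}
```

For the sample, `triage(SAMPLE_LOG, "10.0.3.1")` reports that h1 reaches the target through host-eth, whose veth peer s3-eth1 is among the interfaces ovs-vsctl reported errors for.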