Pox控制器如何在不安装流规则的情况下发送数据包

Question

I am writing worm detection code using pox controller can anyone tell me how to write a function where my controller will send packet to host directly i mean suppose host A send ****TCPSYN**** packet to host B now as flow rules not available than switch will send packet to controller now i want to write function where ****controller**** will send packet to host B without installing any flow rules.I am writing packetin handeling code

def _handle_PacketIn (self, event):

packet = event.parsed
log.info("Packet come in %s"%packet.type)
dpidstr = dpid_to_str(event.dpid)
# updating out mac to port mapping
self.macToPort[(event.connection,packet.src)] = event.port
dst_port = self.macToPort.get((event.connection,packet.dst))

tcpp = packet.find('tcp')
if tcpp and tcpp.SYN:
        #here i want to write code where my controller will send tcp syn packet received from host A to the destination host(B) with installing any flow rules
if tcpp and tcpp.ACK:
        #here i want to write code where my controller will receive tcp synack packet and send this syn ack packet to the sender(A) which has sent syn packet to host (B) 

actually my algorithm is like

1. Suppose that internal host A sends a TCP SYN to a new external host B. Since there are no flows in the switch matching this packet, it will be sent to the POX controller.
2. The TRW-CB instance running at the POX controller simply forwards this packet through the switch, without setting any flows. At the same time, the algorithm also does its normal processing (ie adds B to a list of hosts pre- viously contacted by A and adds the connection request to A's queue).
3. The two possible responses from B are: (a) If a TCP SYNACK from B to A is received, the switch again forwards this to the NOX controller (since it still does not match any flows). Upon receiving the SYNACK, the TRW-CB instance at the controller installs two flows in the switch. The first flow matches all packets sent from A to B. It contains A's IP address in the IP src field and B's IP address in the IP dst field. Except for Ether type (which is set to IP), all other fields in the flow are wildcarded. The second flow is similar to the first, but matches all packets sent from B to A. Each flow contains an action to forward matching packets out of the relevant port of the switch. Ad- ditionally, TRW-CB also does its normal processing (ie removing this connection request from A's queue and decreasing A's likelihood ratio).. (b) If the connection times out, then TRW-CB does its regular processing (for the connection failure case) without interacting with the switch.Thus no flows are installed.

Answer 1

It would help to have some code for this to handle the packet in but anyways , let me try and cover the most simple and generic situation.

Assuming you have a listener for packet in events in your main class init function, something like

core.openflow.addListenerByName("PacketIn", self._handle_PacketIn)

And then in the function that handles the event

def _handle_PacketIn (self, event): msg = of.ofp_packet_out(data=event.ofp) msg.actions.append(of.ofp_action_output(port=of.OFPP_FLOOD)) event.connection.send(msg)

So the msg is the one the controller sends to the switch, and to cover all ports you just flooding the incoming packet everywhere. If you knew the destination you could adjust here to send packet out only to the desired port. This will fail in closed loops but it will give you a starting point. Check more for ofp_action_output class at http://archive.openflow.org/wk/index.php/OpenFlow_Tutorial#ofp_action_output_class .