如何在pox控制器中阻止数据包?
[英]How to block packet in pox controller?
问题描述
When im trying this code below and check it using "tcpdump -teni h32-eth0" cause i was attack on host32 but packets keep coming with length 0, i want to drop the incoming packet, anybody can help? 
当我尝试下面的代码并使用“ tcpdump -teni h32-eth0”进行检查时,原因是我受到了host32的攻击,但数据包的长度始终为0,我想丢弃传入的数据包,有人可以提供帮助吗?
def _timer_func (): global diction global set_Timer def _timer_func():全局字典全局set_Timer
if set_Timer==True:
for k,v in diction.iteritems():
print "Switch ID : "+str(k)
#print "nilai v : "+str(v)
#print "v iteritems : "+str(v.iteritems)
for i,j in v.iteritems():
print "Port Number : "+str(i)
#print "nilai j : "+str(j)
if j >=5:
print "_____________________________________________________________________________________________"
print "\n DDOS DETECTED \n"
print "\n",str(diction)
print "\n",datetime.datetime.now(),": BLOCKED PORT NUMBER : ", str(i), " OF SWITCH ID: ", str(k)
print "\n___________________________________________________________________________________________"
#os._exit(0)
dpid = k
msg = of.ofp_packet_out(in_port=i) #drop paket
print msg
core.openflow.sendToDPID(dpid,msg)
diction={}
1 个解决方案
解决方案1
0 2018-07-06 14:20:50
I think you are missing the packet's buffer-id or the packet itself in the message that you send to the switch. 我认为您在发送到交换机的消息中缺少数据包的缓冲区ID或数据包本身。 Note that, you are dropping one packet. 请注意,您正在丢弃一个数据包。 It will not prevent from further packets arriving through that in-port. 它不会阻止其他数据包通过该端口到达。 If you want to block that in-port or better this flow, then you should install a flow matching rule that will drop all matching packets. 如果要阻止该端口或更好的该流,则应安装流匹配规则,该规则将丢弃所有匹配的数据包。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.