• Just a note that the best way to get support for current versions of NOX is through the issue tracker on the github repository.

  • The issue is with OpenFlow 1.0. It doesn’t do matches based on IPv6 — it’s simply not part of the specification. As far as I can figure, the flows being installed will just be matching ethernet addresses and the IPv6 ethertype — not the IP addresses. This seems very likely to be very problematic.

    Possible solutions are:
    1) Use something…

  • Ah, that’d do it.

    First, the updated DNS parser should be in the POX dart branch. You’d need to upgrade. dns_spy hasn’t been updated to handle IPv6, though. You’d have to modify it to track AAAA records.

    Also, you can’t base such a solution on l2_learning while using IPv6. l2_learning only uses OpenFlow 1.0, which has no IPv6 support, so the…

  • I hadn’t tested it at all. I’ve tested and made a minor fix now. It works for me. Try it again?

  • What does this do?
    ./pox.py forwarding.l2_learning no_facebook proto.dns_spy

    # ext/no_facebook.py

    from pox.core import core
    import pox.forwarding.l2_learning as l2l

    class BlockingSwitch (l2l.LearningSwitch):
      def _handle_PacketIn (self, event):
        ipp = event.parsed.find('ipv4')
        if ipp:
          for name in…

  • Try simplifying things. Don’t use a browser; just use telnet or something.

    Deactivate your blocking code. Try connecting to a server by its IP address and sending a GET request by hand. It should work.

    Activate your blocking code, but hardcode a block for a specific IP address. Try connecting with telnet to that IP address. It should trip…

  • Are you sure you haven’t installed a table entry that matches the right packets?

    Are you sure the packet you’re looking at is the correct one? Check that it’s TCP with a destination of port 80, for example. Check the TCP payload. Is it an HTTP request?

    And what *is* the IP you’re looking at? Do a reverse lookup or something to figure out…

  • There are some complicating factors here.

    First, your hosts may be caching the DNS replies. So when you restart POX, you may be losing the ones the host has already seen and cached. The best I’ve done to combat this in the past is to have POX save its mappings to a file (with a timestamp) when it closes and reload them when it starts…
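The save-and-reload idea in the reply above, as an added example rather than POX’s own code. It assumes a JSON file at a path of your choosing and a mapping shape of {name: {ip: remaining_ttl_seconds}}; the timestamp written at save time is used on reload to drop entries whose DNS TTL ran out while the controller was down, so stale answers that a host may still have cached are not mistaken for current ones.

```python
# Added example (not POX code): persist name -> address mappings with a
# timestamp on shutdown and reload them on start, expiring entries whose
# TTL has elapsed. File path and mapping layout are assumptions.
import json
import os
import time


def expire_mappings(saved, now=None):
    """Return only the entries of a saved document that are still inside
    their TTL at `now`, with the remaining TTL reduced by the elapsed time."""
    now = time.time() if now is None else now
    elapsed = max(0.0, now - float(saved.get("saved_at", 0)))
    live = {}
    for name, addrs in saved.get("mappings", {}).items():
        kept = {ip: ttl - elapsed for ip, ttl in addrs.items() if ttl > elapsed}
        if kept:
            live[name] = kept
    return live


def save_mappings(path, mappings, now=None):
    """Write the mappings with a timestamp, via a temp file and rename so a
    crash mid-write never leaves a half-written file to be reloaded."""
    now = time.time() if now is None else now
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"saved_at": now, "mappings": mappings}, f)
    os.replace(tmp, path)


def load_mappings(path, now=None):
    """Reload from disk; a missing or corrupt file yields an empty map."""
    try:
        with open(path) as f:
            saved = json.load(f)
    except (OSError, ValueError):
        return {}
    if not isinstance(saved, dict):
        return {}
    return expire_mappings(saved, now)


if __name__ == "__main__":
    # Constructed sample: two addresses for a placeholder name, saved 100 s ago.
    path = "dns_mappings.json"                      # assumed file location
    save_mappings(path, {"badsite.com": {"192.0.2.10": 300, "192.0.2.11": 30}},
                  now=time.time() - 100)
    print(load_mappings(path))                     # only 192.0.2.10 survives
```

Hook save_mappings into the controller’s shutdown path and call load_mappings at startup; expiring on the saved timestamp rather than trusting the file blindly is what keeps a long-stopped controller from reinstalling rules for addresses the hosts have long since forgotten.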

  • Adding a WAN port and a LAN port, running l2_learning, and DHCPing from a machine connected to the LAN port should work. You could simplify this even more by running forwarding.hub --proactive or whatever that is. If this doesn’t work, I think something strange is happening. I’d run Wireshark or something on the interfaces and see what’s…

  • 1. As far as using a second OVS just to assign it an IP… okay. Though this isn’t especially necessary. If you have a single OVS, add the WAN port to it, have flow rules to allow the local port to communicate with the WAN port, and then run a DHCP client on the local port, it’ll work. Maybe your way is slightly easier.

    2) Yeah. So when…

  • 1) Why have two OVS instances? Why not just one? And why is connecting to the internet any different than connecting to another host? You might have good answers to these questions, but I don’t think you’ve told me what they are.

    2) I am suggesting that you *modify* the proxy to do rate limiting or whatever you want. What you’re proposing…

  • You could intercept the HTTP flows themselves. But why not just use a proxy server to do this?

  • Murphy replied to the topic POX and bro-ids integration in the forum POX 1 week ago

    Ah. Your hosts quite possibly don’t have the routing entries they need. You may well have one host with an entry only for 192.168.1.x, and another with only an entry for 192.168.2.x, etc. — a /24 that they happen to be on, but the other hosts are NOT on. Or they may want a gateway or something. Make sure they’re configured with just…

  • Murphy replied to the topic POX and bro-ids integration in the forum POX 1 week ago

    Before ICMP, you’d expect to see ARP. So the big question is… are you seeing the ARP packets? You should be able to check the ARP tables on both hosts, and you’d expect to *not* see an entry for the other IP, since it seems like it’s not working. So where *are* the ARP packets going (or not going)?

  • Murphy replied to the topic POX and bro-ids integration in the forum POX 1 week ago

    Have you tried one of the included forwarding components, like forwarding.l2_learning? forwarding.hub? Do they work?

    Have you tried monitoring the traffic entering the switch ports with Wireshark? Can you see it exiting?

  • Murphy replied to the topic Block website using Openflow/OVS switch in the forum POX 1 week ago

    A not super-secure but practical way to do this that I’ve used is to monitor/interpose on DNS. When someone looks up badsite.com, you will grab the reply. You can either install rules for all the IPs it returns, or cut down the reply to have fewer results so you don’t need to install as many rules. This doesn’t help for times when a single…
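The DNS-interposition approach from the reply above, as an added example that is not POX or dns_spy code: it parses a DNS reply, collects the A and AAAA answers handed out for blocked names (following CNAME chains, and covering the AAAA case the earlier reply notes dns_spy does not track), and rewrites the reply to carry fewer answers so fewer per-IP rules are needed. The reply bytes are constructed inline; "badsite.com" and "cdn.example.net" are placeholder names and the blocklist is an assumption.

```python
# Added example (not POX or dns_spy code): parse a DNS reply, collect the
# A/AAAA answers for blocked names (following CNAME chains), and trim the
# reply so fewer flow rules are needed. The reply bytes are constructed
# here; "badsite.com" and "cdn.example.net" are placeholder names.
import ipaddress
import struct

BLOCKED = {"badsite.com"}          # assumed blocklist; subdomains match too
A, CNAME, AAAA = 1, 5, 28          # DNS record types this example handles


def _read_name(msg, off):
    """Decode a DNS name at off, following compression pointers.
    Returns (dotted name, offset just past the name *at this location*)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer to earlier name
            if end is None:
                end = off + 2
            hops += 1
            if hops > 64:                              # refuse pointer loops
                raise ValueError("DNS compression pointer loop")
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), off if end is None else end


def parse_reply(msg):
    """Return the answer section as a list of
    (owner, rtype, ttl, rdata_offset, rdata_bytes, record_end_offset)."""
    qd, an = struct.unpack_from("!HH", msg, 4)
    off = 12
    for _ in range(qd):                                # skip the questions
        _, off = _read_name(msg, off)
        off += 4                                       # qtype + qclass
    answers = []
    for _ in range(an):
        owner, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        answers.append((owner, rtype, ttl, off, msg[off:off + rdlen], off + rdlen))
        off += rdlen
    return answers


def _is_blocked(name, blocklist):
    name = name.lower().rstrip(".")
    return any(name == b or name.endswith("." + b) for b in blocklist)


def blocked_addresses(msg, blocklist=BLOCKED):
    """IP strings (A and AAAA) that a reply hands out for blocked names,
    including addresses reached through a CNAME chain."""
    targets, found = set(), []
    for owner, rtype, _ttl, rdoff, rdata, _end in parse_reply(msg):
        if not (_is_blocked(owner, blocklist) or owner.lower() in targets):
            continue
        if rtype == CNAME:
            targets.add(_read_name(msg, rdoff)[0].lower())
        elif rtype in (A, AAAA):
            found.append(str(ipaddress.ip_address(rdata)))
    return found


def trim_reply(msg, keep=1):
    """Keep only the first `keep` answers and drop authority/additional
    records, so the controller installs fewer per-IP rules. Compression
    pointers only reference earlier bytes, so cutting the tail is safe."""
    answers = parse_reply(msg)
    if keep < 1 or len(answers) <= keep:
        return msg
    header = bytearray(msg[:12])
    struct.pack_into("!HHH", header, 6, keep, 0, 0)    # ANCOUNT, NSCOUNT, ARCOUNT
    return bytes(header) + msg[12:answers[keep - 1][5]]


def _encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def build_sample_reply():
    """Constructed reply: badsite.com CNAME cdn.example.net, then two A and
    one AAAA record for the CNAME target. Offset 12 is the question name and
    41 is the CNAME rdata, which later records reference via pointers."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 4, 0, 0)
    question = _encode_name("badsite.com") + struct.pack("!HH", A, 1)
    target = _encode_name("cdn.example.net")
    answers = struct.pack("!HHHIH", 0xC00C, CNAME, 1, 300, len(target)) + target
    for ip in ("192.0.2.10", "192.0.2.11", "2001:db8::10"):
        packed = ipaddress.ip_address(ip).packed
        answers += struct.pack("!HHHIH", 0xC029, A if len(packed) == 4 else AAAA,
                               1, 60, len(packed)) + packed
    return header + question + answers


if __name__ == "__main__":
    reply = build_sample_reply()
    print(blocked_addresses(reply))                        # all three addresses
    print(blocked_addresses(trim_reply(reply, keep=2)))    # CNAME plus one A kept
```

If you forward a trimmed reply back to the client, the UDP length and checksum and the IP total length must be recomputed for the shorter payload before it is sent; and, as the reply above warns, none of this helps when the host already has the answer cached or when it resolves the name some other way.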

  • Murphy replied to the topic POX and bro-ids integration in the forum POX 1 week ago

    Glad to hear you got OVS compiling. Hope it works out.

    I hope you’ve submitted info on the changes you needed to make somewhere!

  • Yeah, that sounds pretty weird to me too. You’re checking core.openflow_discovery.adjacency or whatever?

    I might try just watching LinkEvents and building your own adjacency list and seeing if it looks like you expect.

  • A first observation is that your MAC example doesn’t actually include the enqueue action.

    Second, Ethernet addresses in POX are of the EthAddr class (pox.lib.addresses.EthAddr) as mentioned in the manual (“Working with Addresses”). Sometimes strings work, but that can’t be relied upon. Try setting, for example, msg.match.dl_dst =…

  • Murphy replied to the topic POX and bro-ids integration in the forum POX 2 weeks ago

    Here’s a thread where OVS on OpenWRT is discussed:

    https://mailman.stanford.edu/pipermail/openflow-discuss/2014-April/005309.html

    It’s low on technical details, but you might ask. You also might search the openflow-discuss archives, because I think there may have been other mentions.

    As far as the reference switch, this was done in the context…
