[pox-dev] help with openflow actions

Murphy McCauley murphy.mccauley at gmail.com
Tue May 12 12:51:47 PDT 2015


The problem is probably that you're rewriting the IP addresses but not the Ethernet addresses.  In such a case, for example, .4 sees the rewritten packet, but it still has .2's Ethernet address.  .4 never even looks at the IP because the packet appears to be for someone else at the Ethernet layer.

-- Murphy

On May 12, 2015, at 12:07 PM, Kostas Chartsias <kchartsias at yahoo.gr> wrote:

>          msg = of.ofp_flow_mod()
>          msg.priority = 42
>          msg.match.dl_type=0x800
>          msg.idle_timeout = 40
>          msg.hard_timeout = 40
>          msg.match.nw_dst = IPAddr("10.0.0.2")
>          msg.actions.append(of.ofp_action_nw_addr.set_dst(IPAddr("10.0.0.4")))
>          msg.actions.append(of.ofp_action_output(port = 4))
>          self.connection.send(msg)
>          msg = of.ofp_flow_mod()
>          msg.priority = 42
>          msg.match.dl_type=0x800
>          msg.idle_timeout = 40
>          msg.hard_timeout = 40
>          msg.match.nw_dst = IPAddr(src_ip)
>          msg.actions.append(of.ofp_action_nw_addr.set_src(IPAddr("10.0.0.2")))
>          msg.actions.append(of.ofp_action_output(port = myport))
>          self.connection.send(msg)
> 
> I have a switch and 3 hosts. I assume that 10.0.0.3 is the attacker and 10.0.0.2 and 10.0.0.4 are two (supposed) honeypots. (I use mininet)
> When there are a lot of packets towards the .2 honeypot I want to redirect the traffic to .4. So I install a rule for IP spoofing to .4 and I send it to port 4. Moreover there is a flow for the replies from 10.0.0.4.
> The thing is that I send echo requests to .2, the switch successfully changes it to .4 and sends it from the correct port. But h4 drops it and doesn't send any echo reply.
> The even more bizarre thing is that I can ping from .4 to .3 and .3 sees it as .2. (ping shows that packets drop, but with tcpdump I can see full duplex communication, wtf is going on) :/
> 
> I cannot understand if it's a pox bug when it modifies src or destination IP, or a mininet bug. Or if you could suggest any other solution.
> To sum up, the concept is: I want to send packets from .3 to .2 and, when an event occurs, to send them to .4. But the attacker should see that it always communicates with .2 and not .4 (that's why I want to modify the IP 2 times).
> Thanks in advance!!!!
> 
> 
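
The diagnosis in the reply above, as an added example that is not part of the original thread and is not POX code: a stand-alone Python model of the flow rule's action list and a simplified receiving host, comparing the posted rule with one that also rewrites the Ethernet destination. The MAC addresses, the reply output port 3 and the helper names are constructed assumptions; comments name the POX actions the tuples stand for.

```python
from dataclasses import dataclass, replace

# Constructed sample MACs; look up the real ones in your topology.
MAC = {"10.0.0.2": "00:00:00:00:00:02", "10.0.0.3": "00:00:00:00:00:03",
       "10.0.0.4": "00:00:00:00:00:04"}

@dataclass(frozen=True)
class Frame:
    dl_src: str
    dl_dst: str
    nw_src: str
    nw_dst: str

def apply_actions(frame, actions):
    """Run an OpenFlow 1.0 style action list; return (port, frame) or None."""
    out = None
    for field, value in actions:
        if field == "output":
            out = (value, frame)  # output emits the frame as modified so far
        else:
            frame = replace(frame, **{field: value})
    return out

def host_receive(ip, frame):
    """Say where the host with address `ip` drops the frame, if anywhere."""
    if frame.dl_dst not in (MAC[ip], "ff:ff:ff:ff:ff:ff"):
        return "dropped at Ethernet layer"  # IP header is never examined
    if frame.nw_dst != ip:
        return "dropped at IP layer"
    return "accepted"

# Rule as posted: only of.ofp_action_nw_addr.set_dst(IPAddr("10.0.0.4")).
IP_ONLY = [("nw_dst", "10.0.0.4"), ("output", 4)]
# With the Ethernet rewrite added; in POX: of.ofp_action_dl_addr.set_dst(EthAddr(...)).
IP_AND_ETH = [("dl_dst", MAC["10.0.0.4"])] + IP_ONLY
# Reply direction: rewrite both source addresses (output port 3 is assumed).
REPLY = [("dl_src", MAC["10.0.0.2"]), ("nw_src", "10.0.0.2"), ("output", 3)]

def redirect(actions):
    """Echo request from .3 to .2 through the rule, then delivered to h4."""
    request = Frame(MAC["10.0.0.3"], MAC["10.0.0.2"], "10.0.0.3", "10.0.0.2")
    port, frame = apply_actions(request, actions)
    return port, host_receive("10.0.0.4", frame)

def reply_seen_by_attacker():
    reply = Frame(MAC["10.0.0.4"], MAC["10.0.0.3"], "10.0.0.4", "10.0.0.3")
    _, frame = apply_actions(reply, REPLY)
    return frame.dl_src, frame.nw_src, host_receive("10.0.0.3", frame)
```

`redirect(IP_ONLY)` leaves port 4 but is dropped by h4 at the Ethernet layer, while `redirect(IP_AND_ETH)` is accepted. A capture taken in promiscuous mode still shows the dropped frame on the wire.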
