Commit f1ee75e3 authored by NGUYEN Do Duc Anh's avatar NGUYEN Do Duc Anh

update deploy fw along with ids if it is the last node

parent c3f4f788
......@@ -141,9 +141,9 @@ let get_decision_list ip_dst attacker_ip_lst =
match IpV4Map.find_opt ip_dst !map_ip with Some path -> find_matching_attackers attacker_ip_lst path | None -> []
let read_and_append_custom_opt ip_src decision_list options_cs =
if Cstruct.length options_cs = 0 then (
if Cstruct.length options_cs = 0 then
(* Logs.err (fun m -> m "The packet has empty option while it should not!!"); *)
options_cs)
options_cs
else
let rec append_custom_opt options_cs =
if Cstruct.length options_cs = 0 then options_cs
......@@ -183,7 +183,7 @@ let read_and_append_custom_opt ip_src decision_list options_cs =
in
append_custom_opt options_cs
let rec read_custom_opt ip_src options_cs (node_id, node_inter_num) =
let rec read_custom_opt ip_src options_cs =
if Cstruct.length options_cs != 0 then
(* ( *)
(* Logs.err (fun m -> m "Save my own node ID: %d and interface number %d" node_id node_inter_num); *)
......@@ -197,7 +197,7 @@ let rec read_custom_opt ip_src options_cs (node_id, node_inter_num) =
()
| 1 ->
(* No Operation (NOP) *)
read_custom_opt ip_src (Cstruct.shift options_cs 1) (node_id, node_inter_num)
read_custom_opt ip_src (Cstruct.shift options_cs 1)
| 31 ->
(* Get custom option byte length *)
let option_length = Cstruct.get_uint8 options_cs 1 in
......@@ -214,7 +214,7 @@ let rec read_custom_opt ip_src options_cs (node_id, node_inter_num) =
| _ ->
(* For other options, copy them unchanged and move to the next option *)
let option_length = Cstruct.get_uint8 options_cs 1 in
read_custom_opt ip_src (Cstruct.shift options_cs option_length) (node_id, node_inter_num)
read_custom_opt ip_src (Cstruct.shift options_cs option_length)
(* match IpV4Map.find_opt ip_src !map_ip with
| Some (id_val, inter_val) ->
log_map !map_ip;
......
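Review bot: In `read_custom_opt`, the catch-all arm reads the length byte with `Cstruct.get_uint8 options_cs 1` and recurses on `Cstruct.shift options_cs option_length` without validating it, although these bytes come straight from the received packet's IPv4 options. A length byte of 0 would leave the buffer unchanged, so the recursion never advances, while a one-byte remainder or a length larger than what is left makes Cstruct raise `Invalid_argument`. A guard before the shift, such as `if Cstruct.length options_cs < 2 || option_length < 2 || option_length > Cstruct.length options_cs then () else read_custom_opt ip_src (Cstruct.shift options_cs option_length)`, would stop parsing on malformed options instead. The `| 31 ->` arm reads the same length byte and probably needs the same check, but its body lies outside the visible hunk.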
......@@ -19,11 +19,14 @@ let detect_and_output_private packet header frame inter_num output_private outpu
Lwt.return_unit
(* Otherwise unmarshal it, match rules with IPs, ports, proto *)
| Result.Ok (ipv4_hdr, payload) -> (
(match Rules.is_match_rule ids_rules (ipv4_hdr, payload) with
| false -> ()
let is_attack =
match Rules.is_match_rule ids_rules (ipv4_hdr, payload) with
| false -> false
| true ->
let ip = ipv4_hdr.src in
if not (List.mem ip !attacker_ip_lst) then attacker_ip_lst := ip :: !attacker_ip_lst);
if not (List.mem ip !attacker_ip_lst) then attacker_ip_lst := ip :: !attacker_ip_lst;
true
in
let options = ipv4_hdr.options in
(* match Ipaddr.V4.compare ipv4_hdr.src default_ignored_ip != 0 with *)
(* | false -> *)
......@@ -31,12 +34,22 @@ let detect_and_output_private packet header frame inter_num output_private outpu
(* output_private frame *)
(* | true -> ( *)
let decision_list = Custom_option.get_decision_list ipv4_hdr.dst !attacker_ip_lst in
match decision_list <> [] with
| false ->
match (decision_list <> [], is_attack, Cstruct.length options = 12) with
| false, false, _ ->
(* If the packet is NOT in the path of attacks, just look for registration request *)
Custom_option.read_custom_opt ipv4_hdr.src options (!node_id, inter_num);
Custom_option.read_custom_opt ipv4_hdr.src options;
output_private frame
| true ->
| false, true, false ->
Custom_option.read_custom_opt ipv4_hdr.src options;
output_private frame
| false, true, true ->
let new_options_cs = Custom_option.read_and_append_custom_opt ipv4_hdr.src [ (ipv4_hdr.src, !node_id, inter_num) ] options in
let new_ipv4_hdr = { ipv4_hdr with options = new_options_cs } in
let len_payload = Cstruct.length payload in
let new_ipv4_hdr_cs = Ipv4_packet.Marshal.make_cstruct ~payload_len:len_payload new_ipv4_hdr in
let new_packet = Cstruct.append new_ipv4_hdr_cs payload in
output_ether_private header.Ethernet.Packet.source header.Ethernet.Packet.destination new_packet
| true, false, _ ->
(* Logs.info (fun m -> m "New packet src IP: %s, dest IP: %s" (Ipaddr.V4.to_string ipv4_hdr.src) (Ipaddr.V4.to_string ipv4_hdr.dst)); *)
(* List.iter (fun (ip, id, inter) -> Logs.info (fun m -> m "IP: %s, ID: %d, Interface: %d" (Ipaddr.V4.to_string ip) id inter)) decision_list; *)
(* If the packet IS in the path of attacks, look for registration request AND embed reaction decisions *)
......@@ -45,5 +58,18 @@ let detect_and_output_private packet header frame inter_num output_private outpu
let len_payload = Cstruct.length payload in
let new_ipv4_hdr_cs = Ipv4_packet.Marshal.make_cstruct ~payload_len:len_payload new_ipv4_hdr in
let new_packet = Cstruct.append new_ipv4_hdr_cs payload in
output_ether_private header.Ethernet.Packet.source header.Ethernet.Packet.destination new_packet
| true, true, false ->
let new_options_cs = Custom_option.read_and_append_custom_opt ipv4_hdr.src decision_list options in
let new_ipv4_hdr = { ipv4_hdr with options = new_options_cs } in
let len_payload = Cstruct.length payload in
let new_ipv4_hdr_cs = Ipv4_packet.Marshal.make_cstruct ~payload_len:len_payload new_ipv4_hdr in
let new_packet = Cstruct.append new_ipv4_hdr_cs payload in
output_ether_private header.Ethernet.Packet.source header.Ethernet.Packet.destination new_packet
| true, true, true ->
let new_options_cs = Custom_option.read_and_append_custom_opt ipv4_hdr.src ((ipv4_hdr.src, !node_id, inter_num) :: decision_list) options in
let new_ipv4_hdr = { ipv4_hdr with options = new_options_cs } in
let len_payload = Cstruct.length payload in
let new_ipv4_hdr_cs = Ipv4_packet.Marshal.make_cstruct ~payload_len:len_payload new_ipv4_hdr in
let new_packet = Cstruct.append new_ipv4_hdr_cs payload in
output_ether_private header.Ethernet.Packet.source header.Ethernet.Packet.destination new_packet)
(* ) *)
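Review bot: The new match decides the "last node" behaviour with `Cstruct.length options = 12`, a bare length test on a header field that the sender controls. Any packet that matches an IDS rule and carries 12 bytes of options takes the `_, true, true` arms and gets `(ipv4_hdr.src, !node_id, inter_num)` embedded as a decision, whatever those option bytes contain. Since `ipv4_hdr.src` is not authenticated, confirm that the consumer of this decision cannot be pointed at an address the sender merely claims. I would name the constant and document why 12 means last node, e.g. `let last_node_options_len = 12`, and check the option type as well as the length. The four arms that rebuild the packet differ only in the decision list passed to `read_and_append_custom_opt`, so computing that list first and sharing one rebuild path would remove the repetition.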