P4 Switch: Port Knocking

 

Check https://github.com/OpenState-SDN/ryu/wiki/Port-Knocking for more information.

 

[topology]

H1--- S1 -----H3

H2---

 

At H3, we will run a Simple HTTP server at 80 port. If H1 wants to connect to H3 and get a webpage, H1 needs to connect to H3 at 11 port first, then 12, 13, and finally 80 port.

 

[basic.p4]

/* -*- P4_16 -*- */

#include <core.p4>

#include <v1model.p4>

 

const bit<16> TYPE_IPV4 = 0x800;

 

/*************************************************************************

*********************** H E A D E R S  ***********************************

*************************************************************************/

 

typedef bit<9>  egressSpec_t;

typedef bit<48> macAddr_t;

typedef bit<32> ip4Addr_t;

 

register<bit<16>>(1024) prev_port;

register<bit<3>>(1024)  flow_state;  //port_list=[10,11,12,80], default:0(block) 10:1(block), 11:2(block), 12:3(block) 80:4 (accept)

 

header ethernet_t {

    macAddr_t dstAddr;

    macAddr_t srcAddr;

    bit<16>   etherType;

}

 

header ipv4_t {

    bit<4>    version;

    bit<4>    ihl;

    bit<8>    diffserv;

    bit<16>   totalLen;

    bit<16>   identification;

    bit<3>    flags;

    bit<13>   fragOffset;

    bit<8>    ttl;

    bit<8>    protocol;

    bit<16>   hdrChecksum;

    ip4Addr_t srcAddr;

    ip4Addr_t dstAddr;

}

 

header tcp_t {

    bit<16> srcPort;

    bit<16> dstPort;

    bit<32> seqNo;

    bit<32> ackNo;

    bit<4>  dataOffset;

    bit<4>  res;

    bit<8>  flags;

    bit<16> window;

    bit<16> checksum;

    bit<16> urgentPtr;

}

header udp_t {

    bit<16> srcPort;

    bit<16> dstPort;

    bit<16> udplength;

    bit<16> checksum;

}

 

struct metadata {

    bit<10>   flowlet_map_index;

    bit<16>   prev_port;

    bit<16>   curr_port;

    bit<3>    flow_state;

}

 

struct headers {

    ethernet_t   ethernet;

    ipv4_t       ipv4;

    tcp_t        tcp;

    udp_t       udp;

}

 

/*************************************************************************

*********************** P A R S E R  ***********************************

*************************************************************************/

 

parser MyParser(packet_in packet,

                out headers hdr,

                inout metadata meta,

                inout standard_metadata_t standard_metadata) {

 

    state start {

        transition parse_ethernet;

    }

 

    state parse_ethernet {

        packet.extract(hdr.ethernet);

        transition select(hdr.ethernet.etherType) {

            TYPE_IPV4: parse_ipv4;

            default: accept;

        }

    }

 

    state parse_ipv4 {

        packet.extract(hdr.ipv4);

        transition select(hdr.ipv4.protocol) {

            0x06: parse_tcp;

            0x11: parse_udp;

            default: accept;

        }

    }

 

    state parse_tcp {

        packet.extract(hdr.tcp);

        transition accept;  

    }

  

    state parse_udp {

        packet.extract(hdr.udp);

        transition accept;  

    }

 

}

 

/*************************************************************************

************   C H E C K S U M    V E R I F I C A T I O N   *************

*************************************************************************/

 

control MyVerifyChecksum(inout headers hdr, inout metadata meta) {  

    apply {  }

}

 

 

/*************************************************************************

**************  I N G R E S S   P R O C E S S I N G   *******************

*************************************************************************/

 

control MyIngress(inout headers hdr,

                  inout metadata meta,

                  inout standard_metadata_t standard_metadata) {

 

    action check_register() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        prev_port.read(meta.prev_port, (bit<32>)meta.flowlet_map_index);

        flow_state.read(meta.flow_state, (bit<32>)meta.flowlet_map_index);

        meta.curr_port=hdr.tcp.dstPort;

    }  

 

    action state1() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        flow_state.write((bit<32>)meta.flowlet_map_index, 1);

        prev_port.write((bit<32>)meta.flowlet_map_index, hdr.tcp.dstPort); 

    }

 

    action state2() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        flow_state.write((bit<32>)meta.flowlet_map_index, 2);

        prev_port.write((bit<32>)meta.flowlet_map_index, hdr.tcp.dstPort); 

    }

 

    action state3() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        flow_state.write((bit<32>)meta.flowlet_map_index, 3);

        prev_port.write((bit<32>)meta.flowlet_map_index, hdr.tcp.dstPort); 

    }

 

    action state4() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        flow_state.write((bit<32>)meta.flowlet_map_index, 4);

        prev_port.write((bit<32>)meta.flowlet_map_index, hdr.tcp.dstPort); 

    }

  

    action reset_state() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        flow_state.write((bit<32>)meta.flowlet_map_index, 0);

        prev_port.write((bit<32>)meta.flowlet_map_index, 0); 

    }

  

    action drop() {

        mark_to_drop();

    }

   

    action forward(egressSpec_t port) {

        standard_metadata.egress_spec = port;

    }

   

    table ip_forward {

        key = {

            hdr.ipv4.dstAddr: exact;

        }

        actions = {

            forward;

            drop;

        }

        size = 1024;

        default_action = drop();

    }

   

    apply {

         if (hdr.tcp.isValid() && hdr.tcp.flags==2 && 1==1) {

               check_register();

           if(meta.flow_state==4) {

             ip_forward.apply();    

           } else {

              if(meta.flow_state==0 && meta.curr_port==10){

                 state1();

                 drop();

              } else if(meta.flow_state==1 && meta.curr_port==11){

                 state2();

                 drop();

              } else if(meta.flow_state==2 && meta.curr_port==12){

                 state3();

                 drop();

              } else if(meta.flow_state==3 && meta.curr_port==80){

                 state4();

                 ip_forward.apply();

              } else {

                 reset_state();

                 drop();

              }

           }

 

         } else {

           ip_forward.apply();

         }

    }

}

 

/*************************************************************************

****************  E G R E S S   P R O C E S S I N G   *******************

*************************************************************************/

 

control MyEgress(inout headers hdr,

                 inout metadata meta,

                 inout standard_metadata_t standard_metadata) {

    apply {  }

}

 

/*************************************************************************

*************   C H E C K S U M    C O M P U T A T I O N   **************

*************************************************************************/

 

control MyComputeChecksum(inout headers  hdr, inout metadata meta) {

     apply {

        update_checksum(

            hdr.ipv4.isValid(),

            { hdr.ipv4.version,

              hdr.ipv4.ihl,

              hdr.ipv4.diffserv,

              hdr.ipv4.totalLen,

              hdr.ipv4.identification,

              hdr.ipv4.flags,

              hdr.ipv4.fragOffset,

              hdr.ipv4.ttl,

              hdr.ipv4.protocol,

              hdr.ipv4.srcAddr,

              hdr.ipv4.dstAddr },

            hdr.ipv4.hdrChecksum,

            HashAlgorithm.csum16);

    }

}

 

/*************************************************************************

***********************  D E P A R S E R  *******************************

*************************************************************************/

 

control MyDeparser(packet_out packet, in headers hdr) {

    apply {

        packet.emit(hdr.ethernet);

        packet.emit(hdr.ipv4);

        packet.emit(hdr.tcp);

        packet.emit(hdr.udp);

    }

}

 

/*************************************************************************

***********************  S W I T C H  *******************************

*************************************************************************/

 

V1Switch(

MyParser(),

MyVerifyChecksum(),

MyIngress(),

MyEgress(),

MyComputeChecksum(),

MyDeparser()

) main;

 

[test_topo.py]

import os

from mininet.net import Mininet

from mininet.topo import Topo

from mininet.log import setLogLevel, info

from mininet.cli import CLI

from mininet.node import RemoteController

 

from p4_mininet import P4Switch, P4Host

 

import argparse

from time import sleep

 

parser = argparse.ArgumentParser(description='Mininet demo')

parser.add_argument('--behavioral-exe', help='Path to behavioral executable',

                    type=str, action="store", required=False, default='simple_switch' )

parser.add_argument('--thrift-port', help='Thrift server port for table updates',

                    type=int, action="store", default=9090)

parser.add_argument('--num-hosts', help='Number of hosts to connect to switch',

                    type=int, action="store", default=2)

parser.add_argument('--mode', choices=['l2', 'l3'], type=str, default='l3')

parser.add_argument('--json', help='Path to JSON config file',

                    type=str, action="store", required=True)

parser.add_argument('--pcap-dump', help='Dump packets on interfaces to pcap files',

                    type=str, action="store", required=False, default=False)

 

args = parser.parse_args()

 

class SingleSwitchTopo(Topo):

    def __init__(self, sw_path, json_path, thrift_port, pcap_dump, **opts):

        Topo.__init__(self, **opts)

        switch1 = self.addSwitch('s1', sw_path = sw_path, json_path = json_path, thrift_port = thrift_port,cls = P4Switch ,pcap_dump = pcap_dump)

                       

        host1 = self.addHost('h1', mac = '00:00:00:00:00:01', ip='10.0.0.1/24')

        host2 = self.addHost('h2', mac = '00:00:00:00:00:02', ip='10.0.0.2/24')

        host3 = self.addHost('h3', mac = '00:00:00:00:00:03', ip='10.0.0.3/24')

        self.addLink(host1, switch1, port1 = 0, port2 = 1)

        self.addLink(host2, switch1, port1 = 0, port2 = 2)

        self.addLink(host3, switch1, port1 = 0, port2 = 3)

       

def main():

    topo = SingleSwitchTopo(args.behavioral_exe, args.json, args.thrift_port, args.pcap_dump)

    net = Mininet(topo = topo, host = P4Host, controller = None)

    net.start()

 

    h1,h2,h3=net.get('h1','h2','h3')

    h1.cmd("arp -s 10.0.0.2 00:00:00:00:00:02")

    h1.cmd("arp -s 10.0.0.3 00:00:00:00:00:03")

    h2.cmd("arp -s 10.0.0.1 00:00:00:00:00:01")

    h2.cmd("arp -s 10.0.0.3 00:00:00:00:00:03")

    h3.cmd("arp -s 10.0.0.1 00:00:00:00:00:01")

    h3.cmd("arp -s 10.0.0.2 00:00:00:00:00:02")

 

    sleep(1)

 

    print('\033[0;32m'),

    print "Gotcha!"

    print('\033[0m')

 

    CLI(net)

    try:

        net.stop()

    except:

        print('\033[0;31m'),

        print('Stop error! Trying sudo mn -c')

        print('\033[0m')

        os.system('sudo mn -c')

        print('\033[0;32m'),

        print ('Stop successfully!')

        print('\033[0m')

 

if __name__ == '__main__':

    setLogLevel('info')

    main()

 

[start_test_topo.py]

import os

os.system("sudo python test_topo.py --behavioral-exe /home/user/behavioral-model/targets/simple_switch/simple_switch --json basic.json")

 

[cmd.txt]

table_add ip_forward forward 10.0.0.1 => 1

table_add ip_forward forward 10.0.0.2 => 2

table_add ip_forward forward 10.0.0.3 => 3

 

[cmd_add.py]

import os

os.system('sudo /home/user/behavioral-model/targets/simple_switch/simple_switch_CLI --thrift-port=9090 < cmd.txt')

 

[p4_mininet.py]

# Copyright 2013-present Barefoot Networks, Inc.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#   http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

#

 

from mininet.net import Mininet

from mininet.node import Switch, Host

from mininet.log import setLogLevel, info, error, debug

from mininet.moduledeps import pathCheck

from sys import exit

import os

import tempfile

import socket

 

class P4Host(Host):

    def config(self, **params):

        r = super(Host, self).config(**params)

 

        self.defaultIntf().rename("eth0")

 

        for off in ["rx", "tx", "sg"]:

            cmd = "/sbin/ethtool --offload eth0 %s off" % off

            self.cmd(cmd)

 

        # disable IPv6

        self.cmd("sysctl -w net.ipv6.conf.all.disable_ipv6=1")

        self.cmd("sysctl -w net.ipv6.conf.default.disable_ipv6=1")

        self.cmd("sysctl -w net.ipv6.conf.lo.disable_ipv6=1")

 

        return r

 

    def describe(self):

        print "**********"

        print self.name

        print "default interface: %s\t%s\t%s" %(

            self.defaultIntf().name,

            self.defaultIntf().IP(),

            self.defaultIntf().MAC()

        )

        print "**********"

 

class P4Switch(Switch):

    """P4 virtual switch"""

    device_id = 0

 

    def __init__(self, name, sw_path = None, json_path = None,

                 thrift_port = None,

                 pcap_dump = False,

                 log_console = True,

                 verbose = True,

                 device_id = None,

                 enable_debugger = False,

                 **kwargs):

        Switch.__init__(self, name, **kwargs)

        assert(sw_path)

        assert(json_path)

        # make sure that the provided sw_path is valid

        pathCheck(sw_path)

        # make sure that the provided JSON file exists

        if not os.path.isfile(json_path):

            error("Invalid JSON file.\n")

            exit(1)

        self.sw_path = sw_path

        self.json_path = json_path

        self.verbose = verbose

        logfile = "/tmp/p4s.{}.log".format(self.name)

        self.output = open(logfile, 'w')

        self.thrift_port = thrift_port

        self.pcap_dump = pcap_dump

        self.enable_debugger = enable_debugger

        self.log_console = log_console

        if device_id is not None:

            self.device_id = device_id

            P4Switch.device_id = max(P4Switch.device_id, device_id)

        else:

            self.device_id = P4Switch.device_id

            P4Switch.device_id += 1

        self.nanomsg = "ipc:///tmp/bm-{}-log.ipc".format(self.device_id)

 

    @classmethod

    def setup(cls):

        pass

 

    def check_switch_started(self, pid):

        """While the process is running (pid exists), we check if the Thrift

        server has been started. If the Thrift server is ready, we assume that

        the switch was started successfully. This is only reliable if the Thrift

        server is started at the end of the init process"""

        while True:

            if not os.path.exists(os.path.join("/proc", str(pid))):

                return False

            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

            sock.settimeout(0.5)

            result = sock.connect_ex(("localhost", self.thrift_port))

            if result == 0:

                return  True

 

    def start(self, controllers):

        "Start up a new P4 switch"

        info("Starting P4 switch {}.\n".format(self.name))

        args = [self.sw_path]

        for port, intf in self.intfs.items():

            if not intf.IP():

                args.extend(['-i', str(port) + "@" + intf.name])

 

        #wuwzhs edit in 2017/11/10

        #args.extend(['-i 3@veth1'])

 

        if self.pcap_dump:

            args.append("--pcap")

            # args.append("--useFiles")

        if self.thrift_port:

            args.extend(['--thrift-port', str(self.thrift_port)])

        if self.nanomsg:

            args.extend(['--nanolog', self.nanomsg])

        args.extend(['--device-id', str(self.device_id)])

        P4Switch.device_id += 1

        args.append(self.json_path)

        if self.enable_debugger:

            args.append("--debugger")

        if self.log_console:

            args.append("--log-console")

        logfile = "/tmp/p4s.{}.log".format(self.name)

        info(' '.join(args) + "\n")

 

        pid = None

        with tempfile.NamedTemporaryFile() as f:

            # self.cmd(' '.join(args) + ' > /dev/null 2>&1 &')

            self.cmd(' '.join(args) + ' >' + logfile + ' 2>&1 & echo $! >> ' + f.name)

            pid = int(f.read())

        debug("P4 switch {} PID is {}.\n".format(self.name, pid))

        if not self.check_switch_started(pid):

            error("P4 switch {} did not start correctly.\n".format(self.name))

            exit(1)

        info("P4 switch {} has been started.\n".format(self.name))

 

    def stop(self):

        "Terminate P4 switch."

        self.output.flush()

        self.cmd('kill %' + self.sw_path)

        self.cmd('wait')

        self.deleteIntfs()

 

    def attach(self, intf):

        "Connect a data port"

        assert(0)

 

    def detach(self, intf):

        "Disconnect a data port"

        assert(0)

 

[execution]

 

Open two terminals for h1 and h3. If h1 directly connect to h3:80, it does not work.

 

If h1 can connect to 10,11,12, and 80 port, the http request can work.

 

Note: In some environment, curl will retry to connect to the server. So the connecting port list may be like this [10 10 11 11 12 80]. This will not work for the above code. Then I try to modify the p4 to make it work. [modified at 2019/8/10]

 

[basic.p4]

/* -*- P4_16 -*- */

#include <core.p4>

#include <v1model.p4>

 

const bit<16> TYPE_IPV4 = 0x800;

 

/*************************************************************************

*********************** H E A D E R S  ***********************************

*************************************************************************/

 

typedef bit<9>  egressSpec_t;

typedef bit<48> macAddr_t;

typedef bit<32> ip4Addr_t;

 

register<bit<16>>(1024) prev_port;  //port_list=[10,11,12,80]

register<bit<3>>(1024)  flow_state; //0:block 1:accept 

 

header ethernet_t {

    macAddr_t dstAddr;

    macAddr_t srcAddr;

    bit<16>   etherType;

}

 

header ipv4_t {

    bit<4>    version;

    bit<4>    ihl;

    bit<8>    diffserv;

    bit<16>   totalLen;

    bit<16>   identification;

    bit<3>    flags;

    bit<13>   fragOffset;

    bit<8>    ttl;

    bit<8>    protocol;

    bit<16>   hdrChecksum;

    ip4Addr_t srcAddr;

    ip4Addr_t dstAddr;

}

 

header tcp_t {

    bit<16> srcPort;

    bit<16> dstPort;

    bit<32> seqNo;

    bit<32> ackNo;

    bit<4>  dataOffset;

    bit<4>  res;

    bit<8>  flags;

    bit<16> window;

    bit<16> checksum;

    bit<16> urgentPtr;

}

header udp_t {

    bit<16> srcPort;

    bit<16> dstPort;

    bit<16> udplength;

    bit<16> checksum;

}

 

struct metadata {

    bit<10>   flowlet_map_index;

    bit<16>   prev_port;

    bit<16>   curr_port;

    bit<3>    flow_state;

}

 

struct headers {

    ethernet_t   ethernet;

    ipv4_t       ipv4;

    tcp_t        tcp;

    udp_t       udp;

}

 

/*************************************************************************

*********************** P A R S E R  ***********************************

*************************************************************************/

 

parser MyParser(packet_in packet,

                out headers hdr,

                inout metadata meta,

                inout standard_metadata_t standard_metadata) {

 

    state start {

        transition parse_ethernet;

    }

 

    state parse_ethernet {

        packet.extract(hdr.ethernet);

        transition select(hdr.ethernet.etherType) {

            TYPE_IPV4: parse_ipv4;

            default: accept;

        }

    }

 

    state parse_ipv4 {

        packet.extract(hdr.ipv4);

        transition select(hdr.ipv4.protocol) {

            0x06: parse_tcp;

            0x11: parse_udp;

            default: accept;

        }

    }

 

    state parse_tcp {

        packet.extract(hdr.tcp);

        meta.curr_port=hdr.tcp.dstPort;

        transition accept;  

    }

  

    state parse_udp {

        packet.extract(hdr.udp);

        transition accept;   

    }

 

}

 

/*************************************************************************

************   C H E C K S U M    V E R I F I C A T I O N   *************

*************************************************************************/

 

control MyVerifyChecksum(inout headers hdr, inout metadata meta) {  

    apply {  }

}

 

 

/*************************************************************************

**************  I N G R E S S   P R O C E S S I N G   *******************

*************************************************************************/

 

control MyIngress(inout headers hdr,

                  inout metadata meta,

                  inout standard_metadata_t standard_metadata) {

 

    action check_register() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        prev_port.read(meta.prev_port, (bit<32>)meta.flowlet_map_index);

        flow_state.read(meta.flow_state, (bit<32>)meta.flowlet_map_index);

    }  

 

    action state1() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        prev_port.write((bit<32>)meta.flowlet_map_index, hdr.tcp.dstPort); 

    }

 

    action state2() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        prev_port.write((bit<32>)meta.flowlet_map_index, hdr.tcp.dstPort); 

    }

 

    action state3() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        prev_port.write((bit<32>)meta.flowlet_map_index, hdr.tcp.dstPort); 

    }

 

    action state4() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        flow_state.write((bit<32>)meta.flowlet_map_index, 1);

        prev_port.write((bit<32>)meta.flowlet_map_index, hdr.tcp.dstPort); 

    }

  

    action reset_state() {

        hash(meta.flowlet_map_index, HashAlgorithm.crc16, (bit<16>)0, { hdr.ipv4.srcAddr }, (bit<32>)1024);

        flow_state.write((bit<32>)meta.flowlet_map_index, 0);

        prev_port.write((bit<32>)meta.flowlet_map_index, 0); 

    }

  

    action drop() {

        mark_to_drop(standard_metadata);

    }

   

    action forward(egressSpec_t port) {

        standard_metadata.egress_spec = port;

    }

   

    table ip_forward {

        key = {

            hdr.ipv4.dstAddr: exact;

        }

        actions = {

            forward;

            drop;

        }

        size = 1024;

        default_action = drop();

    }

   

    apply {

         if (hdr.tcp.isValid() && hdr.tcp.flags==2 && 1==1){

           check_register();

           if(meta.flow_state==1) {

             ip_forward.apply();    

           } else {

              if(meta.curr_port==10){

                if(meta.prev_port==0 || meta.prev_port==10)

                  state1();

                else

                  reset_state();

                drop();

              } else if (meta.curr_port==11) {

                if(meta.prev_port==10 || meta.prev_port==11)

                  state2();

                else

                  reset_state();

                drop();

              } else if (meta.curr_port==12) {

                if(meta.prev_port==11 || meta.prev_port==12)

                  state2();

                else

                  reset_state();

                drop();

              } else if (meta.curr_port==80) {

                if(meta.prev_port==12) {

                  state4();

                  ip_forward.apply();

                } else {

                  reset_state();

                  drop();       

                }

              } else {

               reset_state();

                 drop();

              }

           }

 

         } else {

           ip_forward.apply();

         }

    }

}

 

/*************************************************************************

****************  E G R E S S   P R O C E S S I N G   *******************

*************************************************************************/

 

control MyEgress(inout headers hdr,

                 inout metadata meta,

                 inout standard_metadata_t standard_metadata) {

    apply {  }

}

 

/*************************************************************************

*************   C H E C K S U M    C O M P U T A T I O N   **************

*************************************************************************/

 

control MyComputeChecksum(inout headers  hdr, inout metadata meta) {

     apply {

        update_checksum(

            hdr.ipv4.isValid(),

            { hdr.ipv4.version,

              hdr.ipv4.ihl,

              hdr.ipv4.diffserv,

              hdr.ipv4.totalLen,

              hdr.ipv4.identification,

              hdr.ipv4.flags,

              hdr.ipv4.fragOffset,

              hdr.ipv4.ttl,

              hdr.ipv4.protocol,

              hdr.ipv4.srcAddr,

              hdr.ipv4.dstAddr },

            hdr.ipv4.hdrChecksum,

            HashAlgorithm.csum16);

    }

}

 

/*************************************************************************

***********************  D E P A R S E R  *******************************

*************************************************************************/

 

control MyDeparser(packet_out packet, in headers hdr) {

    apply {

        packet.emit(hdr.ethernet);

        packet.emit(hdr.ipv4);

        packet.emit(hdr.tcp);

        packet.emit(hdr.udp);

    }

}

 

/*************************************************************************

***********************  S W I T C H  *******************************

*************************************************************************/

 

V1Switch(

MyParser(),

MyVerifyChecksum(),

MyIngress(),

MyEgress(),

MyComputeChecksum(),

MyDeparser()

) main;

 

 

Dr. Chih-Heng Ke (smallko@gmail.com)

Department of Computer Science and Information Engineering,

National Quemoy University, Kinmen, Taiwan.