| author | Che-Wei Lin <linton.tw@gmail.com> | 2014-09-07 20:58:35 +0800 |
|---|---|---|
| committer | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2014-09-07 22:32:16 +0900 |
| commit | aa21f3d0527f2e8fb1ec4977e65ee1aaa4028508 (patch) | |
| tree | fe8dda88621db93d0d8aa2bfa38f42b97ce546ce | |
| parent | acec42118095c0642bbc9b8dfbb584520b7681b9 (diff) | |
Snort Integrate:
Remove the wrong way to get IP and bind with it.
Bind with '0.0.0.0' and listen on all hosts.
Update and fix typos in the snort_integrate.rst document.
Fix the problem that pigrelay reconnecting to Ryu will not be accepted.
Pigrelay is a program running on Snort that receives Snort alerts
from a UNIX socket and sends them to Ryu via a network socket.
Signed-off-by: Che-Wei Lin <linton.tw@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
| -rw-r--r-- | doc/source/snort_integrate.rst | 16 |
| -rw-r--r-- | ryu/lib/snortlib.py | 15 |

2 files changed, 16 insertions, 15 deletions
diff --git a/doc/source/snort_integrate.rst b/doc/source/snort_integrate.rst index f6b593d7..bec56195 100644 --- a/doc/source/snort_integrate.rst +++ b/doc/source/snort_integrate.rst @@ -7,6 +7,8 @@ This document describes how to integrate Ryu with Snort. Overview ==== +There are two options can send alert to Ryu controller. The Option 1 is easier if you just want to demonstrate or test. Since Snort need very large computation power for analyzing packets you can choose Option 2 to separate them. + **[Option 1] Ryu and Snort are on the same machine** :: @@ -40,7 +42,7 @@ The above depicts Ryu and Snort architecture. Ryu receives Snort alert packet vi +----------+ +----------+ -**\*CP: Controller Plane** +**\*CP: Control Plane** The above depicts Ryu and Snort architecture. Ryu receives Snort alert packet via **Network Socket** . To monitor packets between HostA and HostB, installing a flow that mirrors packets to Snort. @@ -92,7 +94,7 @@ The incoming packets will all mirror to **port 3** which should be connect to Sn 3. Run Snort: :: $ sudo -i - $ sudo snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf + $ snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf 4. Send an ICMP packet from HostA (192.168.8.40) to HostB (192.168.8.50): :: 
@@ -114,20 +116,20 @@ The incoming packets will all mirror to **port 3** which should be connect to Sn 2. Run Ryu with sample application (On the Controller): :: - $ sudo ./bin/ryu-manager ryu/app/simple_switch_snort.py + $ ./bin/ryu-manager ryu/app/simple_switch_snort.py 3. Run Snort (On the Snort machine): :: $ sudo -i - $ sudo snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf + $ snort -i eth1 -A unsock -l /tmp -c /etc/snort/snort.conf -4. Run ``unsock2nwsock.py`` (On the Snort machine): :: +4. Run ``pigrelay.py`` (On the Snort machine): :: - $ sudo python unsock2nwsock.py + $ sudo python pigrelay.py This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket. -You can clone the script over here. https://gist.github.com/John-Lin/9408ab716df57dbe32ca +You can clone the source code from this repo. https://github.com/John-Lin/pigrelay 5. Send an ICMP packet from HostA (192.168.8.40) to HostB (192.168.8.50): :: diff --git a/ryu/lib/snortlib.py b/ryu/lib/snortlib.py index 2773585f..8682d4b6 100644 --- a/ryu/lib/snortlib.py +++ b/ryu/lib/snortlib.py @@ -47,13 +47,11 @@ class SnortLib(app_manager.RyuApp): def start_socket_server(self): if not self.config.get('unixsock'): - self.config['ip'] = hub.socket.gethostbyname(hub.socket. - gethostname()) + if self.config.get('port') is None: self.config['port'] = 51234 - self._start_recv_nw_sock(self.config.get('ip'), - self.config.get('port')) + self._start_recv_nw_sock(self.config.get('port')) else: self._start_recv() 
@@ -76,20 +74,21 @@ class SnortLib(app_manager.RyuApp): self.sock.bind(SOCKFILE) hub.spawn(self._recv_loop) - def _start_recv_nw_sock(self, ip, port): + def _start_recv_nw_sock(self, port): self.nwsock = hub.socket.socket(hub.socket.AF_INET, hub.socket.SOCK_STREAM) - self.nwsock.bind((ip, port)) + self.nwsock.bind(('0.0.0.0', port)) self.nwsock.listen(5) - self.conn, addr = self.nwsock.accept() hub.spawn(self._recv_loop_nw_sock) def _recv_loop_nw_sock(self): self.logger.info("Network socket server start listening...") while True: - data = self.conn.recv(BUFSIZE, hub.socket.MSG_WAITALL) + conn, addr = self.nwsock.accept() + self.logger.info("Connected with %s", addr[0]) + data = conn.recv(BUFSIZE, hub.socket.MSG_WAITALL) if len(data) == BUFSIZE: msg = alert.AlertPkt.parser(data) |
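Review bot: the paragraph added to the Overview section of snort_integrate.rst (first hunk of that file) needs a grammar pass before it reaches the rendered docs. Suggested wording: `There are two options for sending alerts to the Ryu controller. Option 1 is easier if you just want to demonstrate or test. Since Snort needs a lot of computation power to analyze packets, you can choose Option 2 to separate them.`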
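Review bot: missing documentation in the Option 2 steps of snort_integrate.rst (the hunk that renames `unsock2nwsock.py` to `pigrelay.py`): with this patch the controller's alert listener binds `0.0.0.0` on port 51234 (see the snortlib.py hunks), so step 4 should state which controller address and port `pigrelay.py` must be pointed at, and that the listener is reachable on every interface of the controller host unless the port is filtered, which matters precisely in the split deployment this option describes. The unchanged context sentence `This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket.` is worth fixing at the same time (`This program listens for Snort alert messages on a UNIX domain socket and sends them to Ryu over a network socket.`).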
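Review bot: in `start_socket_server` (first snortlib.py hunk), dropping the `gethostbyname(gethostname())` lookup removes the dependency on whatever the hostname happens to resolve to, but the `ip` config key is now silently ignored instead of honoured: an operator who sets `ip` in the config dict still gets a listener on all interfaces. Suggest passing `self.config.get('ip', '0.0.0.0')` into `_start_recv_nw_sock` so the demo default stays unchanged while the listener can be pinned to a management interface; the hard-coded `'0.0.0.0'` in the second hunk would then go away too.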
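Review bot: moving `accept()` into `_recv_loop_nw_sock` (second snortlib.py hunk) fixes the reconnect case, but two points in the visible lines. First, the socket now binds `('0.0.0.0', port)` and accepts any peer with no check on `addr`, so any host that can reach the controller can deliver data to `alert.AlertPkt.parser`; at minimum make the bind address configurable (see the note on the previous hunk) and have the deployment docs say to restrict the port to the Snort machine. Second, `conn` is accepted on each iteration but never closed in the lines shown; if the remainder of the loop body does not close it before looping back to `accept()`, every pigrelay reconnect leaks a file descriptor. A short read (`len(data) != BUFSIZE`) is also dropped silently; a debug log there would make truncated alerts diagnosable.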