From 4410e05e3ef0cd2758017063d0890a3d688afff2 Mon Sep 17 00:00:00 2001
From: Chris McCarthy
Date: Fri, 5 Jul 2024 16:27:03 +0100
Subject: [PATCH] #2967 - Updated the DB filesize so that it doesn't fill the 100mbit link. moved the can transmit checks to the network interface to enable frame dropped syslog. narrowed the scope of the NODE_NMAP_PORT_SCAN action in nmap_port_scan_red_agent_config.yaml to select ports and protocols as the link was filling up on the full box scan.
---
 .../simulator/file_system/file_type.py | 2 +-
 src/primaite/simulator/network/airspace.py | 23 +++++++++---------
 .../simulator/network/hardware/base.py | 24 +++++++++----------
 .../network/hardware/nodes/network/switch.py | 16 ++++++++-----
 .../nmap_port_scan_red_agent_config.yaml | 6 +++++
 .../configs/wireless_wan_network_config.yaml | 2 +-
 tests/conftest.py | 3 +--
 7 files changed, 42 insertions(+), 34 deletions(-)
diff --git a/src/primaite/simulator/file_system/file_type.py b/src/primaite/simulator/file_system/file_type.py
index 8f0cb778..e6e81070 100644
--- a/src/primaite/simulator/file_system/file_type.py
+++ b/src/primaite/simulator/file_system/file_type.py
@@ -185,5 +185,5 @@ file_type_sizes_bytes = {
 FileType.ZIP: 1024000,
 FileType.TAR: 1024000,
 FileType.GZ: 819200,
- FileType.DB: 15360000,
+ FileType.DB: 5_000_000,
 }
diff --git a/src/primaite/simulator/network/airspace.py b/src/primaite/simulator/network/airspace.py
index 6060d969..2ac11a20 100644
--- a/src/primaite/simulator/network/airspace.py
+++ b/src/primaite/simulator/network/airspace.py
@@ -720,17 +720,18 @@ class WirelessNetworkInterface(NetworkInterface, ABC):
 :param frame: The network frame to be sent.
 :return: True if the frame is sent successfully, False if the network interface is disabled.
 """
- if self.enabled:
- frame.set_sent_timestamp()
- self.pcap.capture_outbound(frame)
- if self.airspace.can_transmit_frame(frame, self):
- self.airspace.transmit(frame, self)
- return True
- else:
- # Cannot send Frame as the frequency bandwidth is at capacity
- return False
- # Cannot send Frame as the network interface is not enabled
- return False
+ if not self.enabled:
+ return False
+ if not self.airspace.can_transmit_frame(frame, self):
+ # Drop frame for now. Queuing will happen here (probably) if it's done in the future.
+ self._connected_node.sys_log.info(f"{self}: Frame dropped as Link is at capacity")
+ return False
+
+ super().send_frame(frame)
+ frame.set_sent_timestamp()
+ self.pcap.capture_outbound(frame)
+ self.airspace.transmit(frame, self)
+ return True
 def receive_frame(self, frame: Frame) -> bool:
 """
diff --git a/src/primaite/simulator/network/hardware/base.py b/src/primaite/simulator/network/hardware/base.py
index 743b2e76..5ed27658 100644
--- a/src/primaite/simulator/network/hardware/base.py
+++ b/src/primaite/simulator/network/hardware/base.py
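Review bot: The drop message added to WirelessNetworkInterface.send_frame says `Link is at capacity`, but this branch is taken when `self.airspace.can_transmit_frame(frame, self)` fails, which the removed comment described as the frequency bandwidth being at capacity. The same string is added to the wired paths in base.py and switch.py, so someone reading the sys log cannot tell a saturated airspace from a saturated cable; a wording such as `f"{self}: Frame dropped as airspace bandwidth is at capacity"` would keep the two apart. The docstring's `:return:` line still lists only the disabled case for False and should also mention the capacity drop. The method's signature and the start of its docstring are above the hunk.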
@@ -440,14 +440,17 @@ class WiredNetworkInterface(NetworkInterface, ABC):
 :param frame: The network frame to be sent.
 :return: True if the frame is sent, False if the Network Interface is disabled or not connected to a link.
 """
+ if not self.enabled:
+ return False
+ if not self._connected_link.can_transmit_frame(frame):
+ # Drop frame for now. Queuing will happen here (probably) if it's done in the future.
+ self._connected_node.sys_log.info(f"{self}: Frame dropped as Link is at capacity")
+ return False
 super().send_frame(frame)
- if self.enabled:
- frame.set_sent_timestamp()
- self.pcap.capture_outbound(frame)
- self._connected_link.transmit_frame(sender_nic=self, frame=frame)
- return True
- # Cannot send Frame as the NIC is not enabled
- return False
+ frame.set_sent_timestamp()
+ self.pcap.capture_outbound(frame)
+ self._connected_link.transmit_frame(sender_nic=self, frame=frame)
+ return True
 @abstractmethod
 def receive_frame(self, frame: Frame) -> bool:
@@ -678,7 +681,7 @@ class Link(SimComponent):
 """
 return self.endpoint_a.enabled and self.endpoint_b.enabled
- def _can_transmit(self, frame: Frame) -> bool:
+ def can_transmit_frame(self, frame: Frame) -> bool:
 """
 Determines whether a frame can be transmitted considering the current Link load and the Link's bandwidth.
@@ -703,11 +706,6 @@ class Link(SimComponent):
 :param frame: The network frame to be sent.
 :return: True if the Frame can be sent, otherwise False.
 """
- can_transmit = self._can_transmit(frame)
- if not can_transmit:
- _LOGGER.debug(f"Cannot transmit frame as {self} is at capacity")
- return False
-
 receiver = self.endpoint_a
 if receiver == sender_nic:
 receiver = self.endpoint_b
diff --git a/src/primaite/simulator/network/hardware/nodes/network/switch.py b/src/primaite/simulator/network/hardware/nodes/network/switch.py
index 6eee0d40..1a7da2e7 100644
--- a/src/primaite/simulator/network/hardware/nodes/network/switch.py
+++ b/src/primaite/simulator/network/hardware/nodes/network/switch.py
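Review bot: In WiredNetworkInterface.send_frame the new guard calls `self._connected_link.can_transmit_frame(frame)` without first checking that a link is attached, while the docstring promises False when the interface is "not connected to a link". If `enabled` can be true while `_connected_link` is unset (the enable logic is outside this hunk, so this is unconfirmed), the call raises AttributeError instead of returning False; `if not self.enabled or self._connected_link is None: return False` would match the documented contract. The same guard is added to SwitchPort.send_frame in switch.py and would need the same check. Because the third hunk removes the capacity test from Link.transmit_frame, any caller that reaches `transmit_frame` without calling `can_transmit_frame` first now bypasses the bandwidth limit, which is worth stating in that method's docstring.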
@@ -58,12 +58,16 @@ class SwitchPort(WiredNetworkInterface):
 :param frame: The network frame to be sent.
 :return: A boolean indicating whether the frame was successfully sent.
 """
- if self.enabled:
- self.pcap.capture_outbound(frame)
- self._connected_link.transmit_frame(sender_nic=self, frame=frame)
- return True
- # Cannot send Frame as the SwitchPort is not enabled
- return False
+ if not self.enabled:
+ return False
+ if not self._connected_link.can_transmit_frame(frame):
+ # Drop frame for now. Queuing will happen here (probably) if it's done in the future.
+ self._connected_node.sys_log.info(f"{self}: Frame dropped as Link is at capacity")
+ return False
+
+ self.pcap.capture_outbound(frame)
+ self._connected_link.transmit_frame(sender_nic=self, frame=frame)
+ return True
 def receive_frame(self, frame: Frame) -> bool:
 """
diff --git a/tests/assets/configs/nmap_port_scan_red_agent_config.yaml b/tests/assets/configs/nmap_port_scan_red_agent_config.yaml
index 08944ee5..8ed715c1 100644
--- a/tests/assets/configs/nmap_port_scan_red_agent_config.yaml
+++ b/tests/assets/configs/nmap_port_scan_red_agent_config.yaml
@@ -41,6 +41,12 @@ agents:
 options:
 source_node: client_1
 target_ip_address: 192.168.10.0/24
+ target_port:
+ - 21
+ - 53
+ - 80
+ - 123
+ - 219
 reward_function:
 reward_components:
diff --git a/tests/assets/configs/wireless_wan_network_config.yaml b/tests/assets/configs/wireless_wan_network_config.yaml
index 684acaf7..7172f66d 100644
--- a/tests/assets/configs/wireless_wan_network_config.yaml
+++ b/tests/assets/configs/wireless_wan_network_config.yaml
@@ -10,7 +10,7 @@ game:
 simulation:
 network:
 airspace:
- airspace_environment_type: blocked
+ airspace_environment_type: urban
 nodes:
 - type: computer
 hostname: pc_a
diff --git a/tests/conftest.py b/tests/conftest.py
index b8359323..a0117eb6 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -252,8 +252,7 @@ def example_network() -> Network:
 server_2.power_on()
 network.connect(endpoint_b=server_2.network_interface[1], endpoint_a=switch_1.network_interface[2])
- router_1.acl.add_rule(action=ACLAction.PERMIT, src_port=Port.ARP, dst_port=Port.ARP, position=22)
- router_1.acl.add_rule(action=ACLAction.PERMIT, protocol=IPProtocol.ICMP, position=23)
+ router_1.acl.add_rule(action=ACLAction.PERMIT, position=1)
 assert all(link.is_up for link in network.links.values())
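Review bot: The replacement rule `router_1.acl.add_rule(action=ACLAction.PERMIT, position=1)` carries no protocol or port filter, so the shared example_network fixture now appears to permit all traffic through router_1 instead of only ARP and ICMP. Tests built on this fixture would then stop exercising the router's deny path, and an ACL regression could pass unnoticed. If the wider permit is needed only by the tests affected by the bandwidth change, consider keeping the two narrow rules here and adding the permit-all rule in those tests. Otherwise, document the intent next to the rule, e.g. `# permit-all: this fixture is not meant for ACL filtering tests`. The fixture body starts above the hunk.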