Fix for CVE-2018-1000155

Denial of Service, Improper Authentication and Authorization,
and Covert Channel in the OpenFlow 1.0+ handshake

Change-Id: Ifd285208266a1f331f3b802cb656349aad1782a9
8 files changed
tree: 0b256b8632aa980bf1c8093e9936bca5a7d7978b
  1. .buckconfig
  2. .dockerignore
  3. .gitignore
  4. .gitreview
  5. BUCK
  6. Dockerfile
  7. Jenkinsfile
  8. LICENSE.txt
  9. README.md
  10. apps/
  11. buck-tools/
  12. bucklets/
  13. cli/
  14. core/
  15. docs/
  16. drivers/
  17. features/
  18. incubator/
  19. lib/
  20. models/
  21. modules.defs
  22. onos.defs
  23. pipelines/
  24. pom.xml
  25. protocols/
  26. providers/
  27. tools/
  28. utils/
  29. web/
README.md

ONOS : Open Network Operating System

What is ONOS?

ONOS is a new SDN network operating system designed for high availability, performance, scale-out.

Top-Level Features

  • High availability through clustering and distributed state management.
  • Scalability through clustering and sharding of network device control.
  • Performance that is good for a first release, and which has an architecture that will continue to support improvements.
  • Northbound abstractions for a global network view, network graph, and application intents.
  • Pluggable southbound for support of OpenFlow and new or legacy protocols.
  • Graphical user interface to view multi-layer topologies and inspect elements of the topology.
  • REST API for access to Northbound abstractions as well as CLI commands.
  • CLI for debugging.
  • Support for both proactive and reactive flow setup.
  • SDN-IP application to support interworking with traditional IP networks controlled by distributed routing protocols such as BGP.
  • IP-Optical use case demonstration.

Checkout our website and our tools

Developer Quickstart

Code is hosted and maintained using gerrit.

The GitHub code is only a mirror. The ONOS project does not accept code through pull requests on GitHub, please do not submit them.

git clone https://gerrit.onosproject.org/onos

On Ubuntu/Debian, you can do the following.

Requirements

  • git
  • zip
  • curl
  • unzip # CentOS installations only
  • python # Version 2.7 is required
sudo apt-get install software-properties-common -y && \
sudo add-apt-repository ppa:webupd8team/java -y && \
sudo apt-get update && \
echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | sudo debconf-set-selections && \
sudo apt-get install oracle-java8-installer oracle-java8-set-default -y

ONOS is built with Buck, an open-source build tool created by Facebook and inspired by Google. It is also in use by number of well-known projects, including all Facebook’s mobile apps, Gerrit, etc. By relying on explicit dependencies between targets and SHA hashes of files (rather than on timestamps), Buck avoids unnecessary work by recognizing whether or not a target artifact requires a rebuild. This also helps to increase reproducibility of builds.

ONOS currently uses a modified version of Buck, which has been packaged with ONOS. Please use this version until our changes have been upstreamed and released as part of an official Buck release.

Build

This will compile all source code assemble the installable onos.tar.gz, which is located in the buck-out directory. Note the --show-output option, which can be omitted, will display the path to this file.

export ONOS_ROOT=$(pwd)
tools/build/onos-buck build onos --show-output

Run

To run ONOS locally on the development machine, simply run the following command:

tools/build/onos-buck run onos-local -- clean debug

The above command will create a local installation from the onos.tar.gz file (re-building it if necessary) and will start the ONOS server in the background. In the foreground, it will display a continuous view of the ONOS (Apache Karaf) log file. Options following the double-dash (–) are passed through to the ONOS Apache Karaf and can be omitted. Here, the clean option forces a clean installation of ONOS and the debug option means that the default debug port 5005 will be available for attaching a remote debugger.

Attach

GUI or tools/test/bin/onos-gui localhost

To attach to the ONOS CLI console, run:

tools/test/bin/onos localhost

Mininet

To start up a Mininet network controlled by an ONOS instance that is already running on your development machine, you can use a command like:

sudo mn --controller remote,ip=<ONOS IP address> --topo torus,3,3

Note that you should replace with the IP address of your development machine where ONOS is running.

Test

To execute ONOS unit tests, including code Checkstyle validation, run the following command:

tools/build/onos-buck test

or more specific tests:

# All
tools/build/onos-buck test //drivers/ciena/waveserver:onos-drivers-ciena-waveserver-tests
# Only check style
tools/build/onos-buck test //drivers/ciena/waveserver:onos-drivers-ciena-waveserver-checkstyle

Commit

When you are ready to commit, use this guide

Help

Check out our: