Added tor.p4 to p4src

Change-Id: I8c3a02dee76cbe45e0f9a4f7ca1f93a6f1d8a016
diff --git a/tools/test/p4src/tor/spoof_protection.p4 b/tools/test/p4src/tor/spoof_protection.p4
new file mode 100644
index 0000000..2c14f67
--- /dev/null
+++ b/tools/test/p4src/tor/spoof_protection.p4
@@ -0,0 +1,47 @@
+// Copyright (c) 2017, Google Inc.
+//
+// P4_16 specification dhcp spoof table.
+// Note: This code has not been tested and is expected to contain bugs.
+
+#ifndef P4_SPEC_SPOOF_PROTECTION_P4_
+#define P4_SPEC_SPOOF_PROTECTION_P4_
+
+#include "headers.p4"
+#include "parser.p4"
+
+//------------------------------------------------------------------------------
+// Spoof protection
+//------------------------------------------------------------------------------
+
+control spoof_protection(inout parsed_packet_t hdr,
+                         inout local_metadata_t local_metadata,
+                         inout standard_metadata_t standard_metadata) {
+
+  @proto_package("spoof_protection")
+  action drop_packet() {
+    mark_to_drop();
+  }
+
+  // Drop all DHCP response packets to all host-facing ports.
+  // This protects against a host sending a DHCP response to another host
+  // directly and hijacking the DHCP session
+  // (i.e. spoof the installer/DHCP-Relay app).
+  @proto_package("spoof_protection")
+  table dhcp_spoof_protection_table {
+    key = {
+      local_metadata.l4_dst_port: exact @proto_tag(1);
+      standard_metadata.egress_spec: exact @proto_tag(2);
+    }
+    actions = {
+      @proto_tag(1) drop_packet;
+    }
+  }
+
+  apply {
+    if(hdr.udp.isValid()) {
+      dhcp_spoof_protection_table.apply();
+    }
+  }
+} // end spoof_protection
+
+#endif // P4_SPEC_SPOOF_PROTECTION_P4_
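Review bot: `dhcp_spoof_protection_table` keys on `standard_metadata.egress_spec`, so the drop only takes effect if `spoof_protection` is applied after the forwarding decision has written the egress port. The hunk does not show where the control is applied, and nothing in the file states this ordering requirement. A DHCP response that is flooded or multicast is presumably replicated after ingress, so a single `egress_spec` value would not identify each host-facing port and the exact match could miss; this should be confirmed against the target. The table also has no entry for a miss, so protection is fail-open and depends on the control plane installing one entry per host-facing port. I would add above the table `// Must run after forwarding sets egress_spec. Expects one entry per host-facing port with the DHCP client port (presumably 68) as l4_dst_port; a miss forwards the packet. Replicated copies are not covered.`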