class P0fAgent(Thread):
def __init__(self, peer_address, framework, session):
super().__init__()
self.config = GlobalConfig()
self.framework = framework
self.fs_sock = self.config['Framework']['p0f.fs_sock']
self.log = Logger().get('recon.p0fagent.P0fAgent')
self.peer_address = peer_address
self.session = session
def run(self):
p0f = P0f(self.fs_sock)
peer_info = None
try:
peer_info = p0f.get_info(self.peer_address)
except P0fException as e:
self.log.warn('p0f request failed for ' +
self.peer_address +
': ' + str(e))
return
except KeyError as e:
self.log.warn('p0f couldn\'t find any info for ' +
self.peer_address)
return
except ValueError as e:
self.log.warn('p0f returned bad data for ' +
self.peer_address)
return
except FileNotFoundError as e:
self.log.error('p0f filesystem socket not found')
return
except Exception as e:
self.log.error('unknown p0f error occurred on address ' +
self.peer_address + ': ' + str(e))
return
# prettify C/null-terminated byte arrays in p0f info dict
for key in peer_info.keys():
if type(peer_info[key]) == bytes:
decoded = peer_info[key].decode('utf-8')
peer_info[key] = decoded.partition('\x00')[0]
elif type(peer_info[key]) == datetime:
peer_info[key] = peer_info[key].isoformat()
elif type(peer_info[key]) == timedelta:
peer_info[key] = str(int(peer_info[key].total_seconds()))
elif type(peer_info[key]) == int:
peer_info[key] = str(peer_info[key])
data = { 'p0f': {
'session': self.session,
'first_seen': peer_info['first_seen'],
'last_seen': peer_info['last_seen'],
'uptime': peer_info['uptime'],
'last_nat': peer_info['last_nat'],
'last_chg': peer_info['last_chg'],
'distance': peer_info['distance'],
'bad_sw': peer_info['bad_sw'],
'os_name': peer_info['os_name'],
'os_flavor': peer_info['os_flavor'],
'os_match_q': peer_info['os_match_q'],
'http_name': peer_info['http_name'],
'http_flavor': peer_info['http_flavor'],
'total_conn': peer_info['total_conn'],
'link_type': peer_info['link_type'],
'language': peer_info['language']
}
}
self.framework.insert_data(data)
self.log.debug('p0f info for ' +
self.peer_address +
': ' +
str(peer_info))
class NetworkListener(Thread):
def __init__(self, listening_address, config, framework):
super().__init__()
self._config = config
self._listening_address = listening_address
self._port = config['port']
self._framework = framework
self._session_socket = None
self._lock = Lock()
self._running = False
self.__connection_count = 0
self._logger = Logger().get('framework.networklistener.NetworkListener')
@property
def connection_count(self):
with self._lock:
return self.__connection_count
@connection_count.setter
def connection_count(self, val):
with self._lock:
self.__connection_count = val
# Override
def run(self):
self._running = True
self._logger.info('%s plugin listener started on port %d'
% (self._config['moduleClass'], self._port))
while self._running:
try:
self._session_socket = socket.socket(
socket.AF_INET, socket.SOCK_STREAM)
self._session_socket.setsockopt(
socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self._session_socket.bind((self._listening_address, self._port))
self._session_socket.listen(1)
self.start_listening(self._session_socket)
self._session_socket.close()
self.connection_count += 1
except OSError as e:
if e.errno == 24:
self._logger(self._config['instanceName'] + ': Too many open files.')
self._running = False
except Exception as e:
self._logger.warn(str(e))
self._logger.info('%s plugin listener on port %d shutting down'
% (self._config['moduleClass'], self._port))
self._session_socket = None
def start_listening(self, local_socket):
try:
(new_socket, addr) = local_socket.accept()
if self._running:
self._logger.info('New connection from %s on port %d'
% (addr, self._port))
self._framework.spawn(new_socket, self._config)
ipinfo_agent = IPInfoAgent(addr[0], self._framework,
self._config['instanceName'])
ipinfo_agent.start()
except ConnectionAbortedError as e:
if not self._running:
return
raise e
except OSError as e:
if e.errno == 22 and not self._running:
return
if e.errno == 24:
self._logger(self._config['instanceName'] + ': Too many open files.')
self._running = False
return
raise e
except Exception as e:
self._logger.error('Error on connection: %s' % e)
raise e
def shutdown(self):
self._running = False
try:
if self._session_socket:
if platform.system() == 'Linux':
self._session_socket.shutdown(socket.SHUT_RDWR)
else:
self._session_socket.close()
except Exception as e:
self._logger.warn('while closing socket: ' + str(e))
self.join()
