Beispiel #1
def interface_from_name(name):
    """Open a live pcappy capture on the interface called *name*.

    Returns the handle produced by ``pcappy.open_live`` with a snap length
    of 65535 bytes. When pcappy refuses the interface, the failure is
    reported as ``argparse.ArgumentTypeError`` with the names returned by
    ``all_interfaces()`` listed in the message.

    NOTE(review): raising ArgumentTypeError suggests this is used as an
    argparse ``type=`` converter, in which case the capture device is opened
    while arguments are still being parsed -- confirm against the caller.
    """
    try:
        handle = pcappy.open_live(name, snaplen=65535)
    except pcappy.PcapPyException:
        # Tell the operator which names would have been accepted.
        available = ", ".join(all_interfaces())
        raise argparse.ArgumentTypeError(
            "Can't open interface %s (available interfaces: %s)."
            % (name, available))
    return handle
Beispiel #2
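def lisp_itr_pcap_thread(device, pfilter, pcap_lock):
    """Capture thread body: open *device*, install *pfilter*, loop forever.

    Args:
        device: interface name handed to ``pcappy.open_live``.
        pfilter: capture filter expression assigned to the handle.
        pcap_lock: lock object (``acquire()``/``release()``) held only while
            the capture handle is being opened.

    Every packet is delivered to ``lisp_itr_pcap_process_packet`` with
    *device* as the user argument. The count of -1 passed to ``loop`` means
    this function is not expected to return while the capture is healthy.
    """
    lisp.lisp_set_exception()

    # The open is serialised across threads. Release in ``finally`` so a
    # failed open (unknown device, missing capture privilege) cannot leave
    # the lock held and block every other thread waiting to open a handle.
    pcap_lock.acquire()
    try:
        # presumably (snaplen=9000, promisc=0, to_ms=100) -- confirm against
        # the pcappy.open_live signature.
        pcap = pcappy.open_live(device, 9000, 0, 100)
    finally:
        pcap_lock.release()

    pcap.filter = pfilter
    pcap.loop(-1, lisp_itr_pcap_process_packet, device)
    return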
Beispiel #3
def Ii111(lisp_thread):
    """Capture thread body: sniff traffic addressed to this node's addresses.

    Returns immediately when ``lisp.lisp_myrlocs[0]`` is None. Otherwise it
    opens a live capture on "lo0" (macOS) or "any", installs a filter built
    from ``lisp.lisp_get_all_addresses()`` and hands every packet to ``Oo``
    with ``[device, lisp_thread]`` as the user argument.

    The filter accepts, for the local destination addresses, UDP to ports
    4341, 8472 or 4789 and fragmented UDP (``proto 17`` with the MF bit or a
    non-zero fragment offset), plus UDP port 4342 packets not sourced
    locally whose byte at ``ip[28]`` is 0x28 or 0x12.

    NOTE(review): ``ip[28]`` is the first UDP payload byte only when the
    IPv4 header carries no options (20 bytes); packets with IP options are
    matched against the wrong byte.
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None):
        return

    device = "lo0" if lisp.lisp_is_macos() else "any"
    # presumably (snaplen=9000, promisc=0, to_ms=100) -- confirm against the
    # pcappy.open_live signature.
    capture = pcappy.open_live(device, 9000, 0, 100)

    # "A or B or " -- the trailing " or " (4 chars) is sliced off below.
    host_terms = "".join(
        "{} or ".format(address)
        for address in lisp.lisp_get_all_addresses())
    local_hosts = host_terms[0:-4]

    bpf = ("(dst host " + host_terms)[0:-4]
    bpf += ") and ((udp dst port 4341 or 8472 or 4789) or "
    bpf += ("(proto 17 and (ip[6]&0xe0 == 0x20 or "
            "(ip[6]&0xe0 == 0 and ip[7] != 0))))")

    control_clause = (" or (not (src host {}) and "
                      "((udp src port 4342 and ip[28] == 0x28) or "
                      "(udp dst port 4342 and ip[28] == 0x12)))")
    bpf += control_clause.format(local_hosts)

    # The full expression, including every local address, goes to the log.
    lisp.lprint("Capturing packets for: '{}'".format(bpf))
    capture.filter = bpf

    # Count of -1: stay in the receive loop.
    capture.loop(-1, Oo, [device, lisp_thread])
    return
Beispiel #4
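def lisp_rtr_pcap_thread(lisp_thread):
    """RTR capture thread body: build the capture filter and loop on packets.

    Returns immediately when ``lisp.lisp_myrlocs[0]`` is None. Otherwise it
    opens a live capture on "lo0" (macOS) or "any", installs a filter built
    from ``lisp.lisp_get_all_addresses()`` and hands every packet to
    ``lisp_rtr_pcap_process_packet`` with ``[device, lisp_thread]`` as the
    user argument.

    NOTE(review): ``ip[28]`` in the filter is the first UDP payload byte
    only when the IPv4 header carries no options (20 bytes).
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None): return

    device = "lo0" if lisp.lisp_is_macos() else "any"
    # presumably (snaplen=9000, promisc=0, to_ms=100) -- confirm against the
    # pcappy.open_live signature.
    pcap = pcappy.open_live(device, 9000, 0, 100)

    #
    # If "lisp-nat = yes" is configured, then a PETR is co-located with this
    # RTR functionality. We need to pcap *all* packets (0.0.0.0/0 and 0::/0).
    #
    # The config file is read directly instead of shelling out to egrep: a
    # capture process normally runs with elevated privilege, so it should
    # not resolve an external binary through PATH, and the removed
    # ``commands`` module exists only on Python 2. Semantics are kept: the
    # option counts only when the first matching line begins with a space,
    # and an unreadable file means "not configured".
    #
    lisp_nat = False
    try:
        with open("./lisp.config", "rb") as config:
            for line in config:
                if b"lisp-nat = yes" in line:
                    lisp_nat = line.startswith(b" ")
                    break
                #endif
            #endfor
    except (IOError, OSError):
        lisp_nat = False
    #endtry

    pfilter = "(dst host "
    afilter = ""
    for addr in lisp.lisp_get_all_addresses():
        pfilter += "{} or ".format(addr)
        afilter += "{} or ".format(addr)
    #endfor

    # Drop the trailing " or " (4 characters) left by the loop.
    pfilter = pfilter[0:-4]
    pfilter += ") and ((udp dst port 4341 or 8472 or 4789) or "
    pfilter += "(proto 17 and (ip[6]&0xe0 == 0x20 or " + \
        "(ip[6]&0xe0 == 0 and ip[7] != 0))))"

    #
    # For RLOC-probe messages that come via pcap interface so we have the
    # IP header to grab the TTL.
    #
    afilter = afilter[0:-4]
    pfilter += (" or (not (src host {}) and " + \
        "((udp src port 4342 and ip[28] == 0x28) or " + \
        "(udp dst port 4342 and ip[28] == 0x12)))").format(afilter)

    # With lisp-nat the capture widens to every IPv4 destination that is not
    # a local address; only the IPv4 clause is added here.
    if (lisp_nat):
        pfilter += " or (dst net 0.0.0.0/0 and not (host {}))".format(afilter)
    #endif

    lisp.lprint("Capturing packets for: '{}'".format(pfilter))
    pcap.filter = pfilter

    #
    # Enter receive loop.
    #
    pcap.loop(-1, lisp_rtr_pcap_process_packet, [device, lisp_thread])
    return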
Beispiel #5
def oo0OOo0O(lisp_thread):
    """Capture thread body: sniff traffic addressed to this node's addresses.

    Returns immediately when ``lisp.lisp_myrlocs[0]`` is None. Otherwise it
    opens a live capture on "lo0" (macOS) or "any", installs a filter built
    from ``lisp.lisp_get_all_addresses()`` and hands every packet to ``OoO``
    with ``[device, lisp_thread]`` as the user argument.

    NOTE(review): ``ip[28]`` in the filter is the first UDP payload byte
    only when the IPv4 header carries no options (20 bytes).
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None):
        return

    device = "lo0" if lisp.lisp_is_macos() else "any"
    # presumably (snaplen=9000, promisc=0, to_ms=100) -- confirm against the
    # pcappy.open_live signature.
    capture = pcappy.open_live(device, 9000, 0, 100)

    # "A or B or " -- the trailing " or " (4 chars) is sliced off below.
    host_terms = "".join(
        "{} or ".format(address)
        for address in lisp.lisp_get_all_addresses())
    local_hosts = host_terms[0:-4]

    # Local destinations: UDP to 4341/8472/4789, or fragmented UDP.
    bpf = ("(dst host " + host_terms)[0:-4]
    bpf += ") and ((udp dst port 4341 or 8472 or 4789) or "
    bpf += ("(proto 17 and (ip[6]&0xe0 == 0x20 or "
            "(ip[6]&0xe0 == 0 and ip[7] != 0))))")

    # UDP port 4342 packets that were not sent from a local address.
    control_clause = (" or (not (src host {}) and "
                      "((udp src port 4342 and ip[28] == 0x28) or "
                      "(udp dst port 4342 and ip[28] == 0x12)))")
    bpf += control_clause.format(local_hosts)

    # The full expression, including every local address, goes to the log.
    lisp.lprint("Capturing packets for: '{}'".format(bpf))
    capture.filter = bpf

    # Count of -1: stay in the receive loop.
    capture.loop(-1, OoO, [device, lisp_thread])
    return
Beispiel #6
def I1iIII1(lisp_thread):
    """Capture thread body: sniff traffic addressed to this node's addresses.

    Returns immediately when ``lisp.lisp_myrlocs[0]`` is None. Otherwise it
    opens a live capture on "lo0" (macOS) or "any", installs a filter built
    from ``lisp.lisp_get_all_addresses()`` and hands every packet to ``OO0``
    with ``[device, lisp_thread]`` as the user argument.

    NOTE(review): ``ip[28]`` in the filter is the first UDP payload byte
    only when the IPv4 header carries no options (20 bytes).
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None):
        return

    device = "lo0" if lisp.lisp_is_macos() else "any"
    # presumably (snaplen=9000, promisc=0, to_ms=100) -- confirm against the
    # pcappy.open_live signature.
    capture = pcappy.open_live(device, 9000, 0, 100)

    # "A or B or " -- the trailing " or " (4 chars) is sliced off below.
    host_terms = "".join(
        "{} or ".format(address)
        for address in lisp.lisp_get_all_addresses())
    local_hosts = host_terms[0:-4]

    # Local destinations: UDP to 4341/8472/4789, or fragmented UDP.
    bpf = ("(dst host " + host_terms)[0:-4]
    bpf += ") and ((udp dst port 4341 or 8472 or 4789) or "
    bpf += ("(proto 17 and (ip[6]&0xe0 == 0x20 or "
            "(ip[6]&0xe0 == 0 and ip[7] != 0))))")

    # UDP port 4342 packets that were not sent from a local address.
    control_clause = (" or (not (src host {}) and "
                      "((udp src port 4342 and ip[28] == 0x28) or "
                      "(udp dst port 4342 and ip[28] == 0x12)))")
    bpf += control_clause.format(local_hosts)

    # The full expression, including every local address, goes to the log.
    lisp.lprint("Capturing packets for: '{}'".format(bpf))
    capture.filter = bpf

    # Count of -1: stay in the receive loop.
    capture.loop(-1, OO0, [device, lisp_thread])
    return
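def live_capture(interface="", net_mask=24, time=100):
    """Capture ICMP packets on *interface* and print summary counters.

    Args:
        interface: device name; when empty, ``lookupdev()`` picks one.
        net_mask: forwarded unchanged to ``got_icmp_packet``.
        time: forwarded unchanged to ``got_icmp_packet``.

    Exits the process with status 1 when no default interface can be found
    or the device cannot be opened. The capture runs until interrupted with
    Ctrl-C or until pcappy raises, then the ``icmp_count`` and ``suspect``
    counters are printed (presumably updated by ``got_icmp_packet``, which
    receives the dict -- confirm).
    """
    SNAP_LEN = 65536  # Maximum size of a packet
    request_packets = dict()

    if interface == "":
        print("Looking for a default interface...")
        try:
            interface = lookupdev()
        except PcapPyException:
            print("Unable to find default network interface. Aborting!")
            sys.exit(1)

    print("Performing capture on: " + interface)

    # We need network capabilities or root permission to sniff packets.
    # Per the original author, without them the libpcap library crashes with
    # a segmentation fault instead of raising, and the only detection idea
    # was checking the euid for root; nothing here performs that check.
    try:
        # presumably (snaplen, promisc=1, to_ms=0) -- confirm against the
        # open_live signature.
        p = open_live(interface, SNAP_LEN, 1, 0)
    except PcapPyException as e:
        # Exceptions only carry ``.message`` on Python 2; fall back to the
        # exception itself so the real error is printed rather than an
        # AttributeError raised from inside the handler.
        print(getattr(e, "message", e))
        sys.exit(1)

    p.filter = 'icmp'

    stats = {'icmp_count': 0, 'suspect': 0}
    try:
        while True:
            (header, packet) = p.next_ex()
            got_icmp_packet(stats, header, packet, net_mask, request_packets, time)
    except KeyboardInterrupt:
        # FIXME This is only caught when control is handed back to the
        # python code from the pcap library
        print("Capture canceled by user")
    except PcapPyException as e:
        print(getattr(e, "message", e))

    print("Captured " + str(stats['icmp_count']) + " ICMP packets")
    print("Captured " + str(stats['suspect']) + " suspicious ICMP packets")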
Beispiel #8
def lisp_rtr_pcap_thread(lisp_thread):
    """RTR capture thread body: build the capture filter and loop on packets.

    Returns immediately when ``lisp.lisp_myrlocs[0]`` is None. Otherwise it
    opens a live capture on "lo0" (macOS) or "any", installs a filter built
    from ``lisp.lisp_get_all_addresses()`` and hands every packet to
    ``lisp_rtr_pcap_process_packet`` with ``[device, lisp_thread]`` as the
    user argument.

    NOTE(review): ``ip[28]`` in the filter is the first UDP payload byte
    only when the IPv4 header carries no options (20 bytes).
    """
    lisp.lisp_set_exception()
    if (lisp.lisp_myrlocs[0] == None):
        return

    device = "lo0" if lisp.lisp_is_macos() else "any"

    # presumably (snaplen=9000, promisc=0, to_ms=100) -- confirm against the
    # pcappy.open_live signature.
    pcap = pcappy.open_live(device, 9000, 0, 100)

    # "A or B or " -- the trailing " or " (4 chars) is sliced off below.
    host_terms = "".join(
        "{} or ".format(addr) for addr in lisp.lisp_get_all_addresses())
    afilter = host_terms[0:-4]

    # Local destinations: UDP to 4341/8472/4789, or fragmented UDP.
    pfilter = ("(dst host " + host_terms)[0:-4]
    pfilter += ") and ((udp dst port 4341 or 8472 or 4789) or "
    pfilter += ("(proto 17 and (ip[6]&0xe0 == 0x20 or "
                "(ip[6]&0xe0 == 0 and ip[7] != 0))))")

    #
    # For RLOC-probe messages that come via pcap interface so we have the
    # IP header to grab the TTL.
    #
    probe_clause = (" or (not (src host {}) and "
                    "((udp src port 4342 and ip[28] == 0x28) or "
                    "(udp dst port 4342 and ip[28] == 0x12)))")
    pfilter += probe_clause.format(afilter)

    # The full expression, including every local address, goes to the log.
    lisp.lprint("Capturing packets for: '{}'".format(pfilter))
    pcap.filter = pfilter

    #
    # Enter receive loop.
    #
    pcap.loop(-1, lisp_rtr_pcap_process_packet, [device, lisp_thread])
    return
Beispiel #9
 def run(self):
     """Open the capture described by this object and loop on packets.

     The handle is stored on ``self.capture``; each packet is passed to
     ``self._parse_packet`` with ``self.d`` as the user argument. The count
     of -1 means the call is not expected to return while capturing.
     """
     # Snap length, promiscuous mode and read timeout all come from
     # instance state set elsewhere.
     open_options = dict(snaplen=self.snaplen, promisc=self.promisc,
                         to_ms=self.ms)
     self.capture = pcappy.open_live(self.interface, **open_options)
     self.capture.loop(-1, self._parse_packet, self.d)