def print_ipv4_event(cpu, data, size):
    """Perf-buffer callback: print one IPv4 TCP event as a single line.

    Args:
        cpu: CPU the event was sampled on (unused here).
        data: raw ctypes buffer holding a ``Data_ipv4`` record.
        size: size of the raw record in bytes (unused here).

    Returns:
        None; the formatted line is written to stdout.
    """
    ev = ct.cast(data, ct.POINTER(Data_ipv4)).contents
    # Addresses arrive as 32-bit integers; pack() yields the 4-byte form
    # inet_ntop() expects.
    src = "%s:%d" % (inet_ntop(AF_INET, pack('I', ev.saddr)), ev.sport)
    dst = "%s:%d" % (inet_ntop(AF_INET, pack('I', ev.daddr)), ev.dport)
    columns = (
        src,
        dst,
        "%d" % ev.seq,
        "%d" % ev.ack,
        # the kernel keeps srtt scaled by 8; the shift undoes that scaling
        "%d" % (ev.srtt >> 3),
        "%d" % ev.snd_cwnd,
        tcp.tcpstate[ev.state],
        tcp.flags2str(ev.tcpflags),
    )
    print("3 %-20s -> %-20s %-10s %-10s %-8s %-8s %-12s (%s)" % columns)
def print_ipv6_event(cpu, data, size):
    """Perf-buffer callback: print one IPv6 TCP event and its kernel stack.

    Args:
        cpu: CPU the event was sampled on (unused here).
        data: raw perf-buffer record, decoded through ``b["ipv6_events"]``.
        size: record size in bytes (unused here).

    Returns:
        None; the event line, one symbol per stack frame and a blank line
        are written to stdout.
    """
    ev = b["ipv6_events"].event(data)

    def endpoint(addr, port):
        # "addr:port" with the 16-byte address rendered in text form
        return "%s:%d" % (inet_ntop(AF_INET6, addr), port)

    print("%-8s %-6d %-2d %-20s > %-20s %s (%s)" % (
        strftime("%H:%M:%S"),
        ev.pid,
        ev.ip,
        endpoint(ev.saddr, ev.sport),
        endpoint(ev.daddr, ev.dport),
        tcp.tcpstate[ev.state],
        tcp.flags2str(ev.tcpflags),
    ))
    # Kernel stack that led to the event, one resolved symbol per line.
    for frame in stack_traces.walk(ev.stack_id):
        print("\t%s" % b.ksym(frame, show_offset=True))
    print("")
def print_ipv6_event(cpu, data, size):
    """Perf-buffer callback for IPv6 TCP events.

    Prints a header line (time, pid, IP version, endpoints, TCP state and
    flags), then the symbolised kernel stack recorded with the event, then
    an empty line.

    Args:
        cpu: CPU the event was sampled on (unused here).
        data: raw perf-buffer record, decoded through ``b["ipv6_events"]``.
        size: record size in bytes (unused here).

    Returns:
        None.
    """
    rec = b["ipv6_events"].event(data)
    when = strftime("%H:%M:%S")
    src_text = inet_ntop(AF_INET6, rec.saddr)
    dst_text = inet_ntop(AF_INET6, rec.daddr)
    fields = (
        when,
        rec.pid,
        rec.ip,
        "%s:%d" % (src_text, rec.sport),
        "%s:%d" % (dst_text, rec.dport),
        tcp.tcpstate[rec.state],
        tcp.flags2str(rec.tcpflags),
    )
    print("%-8s %-6d %-2d %-20s > %-20s %s (%s)" % fields)
    # Resolve and print each frame as it is walked so partial output is
    # still visible if symbol lookup fails part-way.
    for frame_addr in stack_traces.walk(rec.stack_id):
        symbol = b.ksym(frame_addr, show_offset=True)
        print("\t%s" % symbol)
    print("")
def print_ipv4_event(cpu, data, size):
    """Perf-buffer callback: print one IPv4 TCP event and its kernel stack.

    Args:
        cpu: CPU the event was sampled on (unused here).
        data: raw ctypes buffer holding a ``Data_ipv4`` record.
        size: size of the raw record in bytes (unused here).

    Returns:
        None; the event line, one symbol per stack frame and a blank line
        are written to stdout.
    """
    rec = ct.cast(data, ct.POINTER(Data_ipv4)).contents
    when = strftime("%H:%M:%S")
    src_ip = inet_ntop(AF_INET, pack('I', rec.saddr))
    dst_ip = inet_ntop(AF_INET, pack('I', rec.daddr))
    # NOTE: the source port is formatted with %d but the destination port
    # with %s, as in the original; the output is the same for integers.
    line = "%-8s %-6d %-2d %-20s > %-20s %s (%s)" % (
        when,
        rec.pid,
        rec.ip,
        "%s:%d" % (src_ip, rec.sport),
        "%s:%s" % (dst_ip, rec.dport),
        tcp.tcpstate[rec.state],
        tcp.flags2str(rec.tcpflags),
    )
    print(line)
    # Symbolised kernel stack, one frame per line.
    for frame_addr in stack_traces.walk(rec.stack_id):
        print("\t%s" % b.ksym(frame_addr, show_offset=True))
    print("")
def print_ipv4_event(cpu, data, size):
    """Perf-buffer callback for IPv4 TCP events.

    Prints a header line (time, pid, IP version, endpoints, TCP state and
    flags), the symbolised kernel stack attached to the event, and then a
    blank separator line.

    Args:
        cpu: CPU the event was sampled on (unused here).
        data: raw ctypes buffer holding a ``Data_ipv4`` record.
        size: size of the raw record in bytes (unused here).

    Returns:
        None.
    """
    ev = ct.cast(data, ct.POINTER(Data_ipv4)).contents

    def ip_text(addr):
        # 32-bit address -> dotted quad
        return inet_ntop(AF_INET, pack('I', addr))

    header = "%-8s %-6d %-2d %-20s > %-20s %s (%s)"
    print(header % (
        strftime("%H:%M:%S"),
        ev.pid,
        ev.ip,
        "%s:%d" % (ip_text(ev.saddr), ev.sport),
        # destination port goes through %s here, as in the original
        "%s:%s" % (ip_text(ev.daddr), ev.dport),
        tcp.tcpstate[ev.state],
        tcp.flags2str(ev.tcpflags),
    ))
    for frame in stack_traces.walk(ev.stack_id):
        resolved = b.ksym(frame, show_offset=True)
        print("\t%s" % resolved)
    print("")
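def print_ipv6_event(cpu, data, size):
    """Perf-buffer callback: print one IPv6 TCP event as a '~'-delimited line.

    Args:
        cpu: CPU the event was sampled on (unused here).
        data: raw perf-buffer record, decoded through ``b["ipv6_events"]``.
        size: record size in bytes (unused here).

    Returns:
        None; one event line followed by a blank line is written to stdout.
    """
    event = b["ipv6_events"].event(data)
    print(
        "%-8s ~ %-6d ~ TCPv%-2d ~ %-16s ~ %-6s ~ %-16s ~ %-6s ~  %s ~ (%s) ~" %
        (
            strftime("%H:%M:%S"), event.pid, event.ip,
            inet_ntop(AF_INET6, event.saddr), event.sport,
            inet_ntop(AF_INET6, event.daddr), event.dport,
            tcp.tcpstate[event.state], tcp.flags2str(event.tcpflags)))
    # The stack walk that resolved every frame with b.ksym() but never
    # printed the result was dropped: it did per-event work with no
    # observable output. Re-add a print in the loop if the stack is wanted.
    print("")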
def print_ipv4_event(cpu, data, size):
    """Perf-buffer callback: print one IPv4 TCP event with its counters.

    The line carries both endpoints, sequence numbers, state and flags,
    and then a fixed set of per-connection counters from the record.

    Args:
        cpu: CPU the event was sampled on (unused here).
        data: raw ctypes buffer holding a ``Data_ipv4`` record.
        size: size of the raw record in bytes (unused here).

    Returns:
        None; the line is written to stdout.
    """
    ev = ct.cast(data, ct.POINTER(Data_ipv4)).contents
    line_fmt = ("3 %-20s -> %-20s %-10s %-10s %-12s (%s) %-8s %-8s %-10s "
                "%-10s %-10s %-10s %-10s %-10s %-10s %-10s %-10s %-20s %-10s")
    src = "%s:%d" % (inet_ntop(AF_INET, pack('I', ev.saddr)), ev.sport)
    dst = "%s:%d" % (inet_ntop(AF_INET, pack('I', ev.daddr)), ev.dport)
    columns = [src, dst, "%d" % ev.seq, "%d" % ev.ack,
               tcp.tcpstate[ev.state], tcp.flags2str(ev.tcpflags)]
    # Counters in column order; srtt is kept scaled by 8 in the kernel,
    # so the shift undoes that scaling.
    counters = [
        ev.srtt >> 3,
        ev.snd_cwnd,
        ev.rcv_wnd,
        ev.total_retrans,
        ev.fastRe,
        ev.timeout,
        ev.bytes_acked,
        ev.bytes_received,
        ev.srtt_sum,
        ev.srtt_counter,
        ev.packets_out,
        ev.duration,
        ev.bytes_inflight,
    ]
    columns.extend("%d" % value for value in counters)
    print(line_fmt % tuple(columns))
def process_event(cpu, data, size, event_type: str) -> None:
    """Turn one raw TCP send/receive event into log records.

    Appends to the module-level ``events`` list and to the per-connection
    ``traces`` dict (keyed by a frozenset of the sorted connection items),
    and records the connection on ``meta[sk]`` so later events on the same
    socket can be related back to it.

    Args:
        cpu: CPU the event was sampled on (unused).
        data: raw perf-buffer record; decoded via ``b['events']`` for
            ``'snt'`` and ``b['rcv_events']`` for ``'rcv'``.
        size: record size in bytes (unused).
        event_type: ``'snt'`` or ``'rcv'``; anything else is ignored.

    Returns:
        None.
    """
    if event_type not in ['snt', 'rcv']:
        return
    
    # ``events`` is only appended to, so ``global`` is not strictly needed
    # for it; ``prev_met_upd_t`` is declared but no longer used (see the
    # commented-out timestamp code below).
    global events, prev_met_upd_t
    if event_type == 'snt':
        event = b['events'].event(data)
    elif event_type == 'rcv':
        event = b['rcv_events'].event(data)

    #timestamp = "%.6f" % (abs(prev_met_upd_t) * 1000)
    #prev_met_upd_t = setTimeInfo(event.timestamp)
    # The raw kernel timestamp is used as-is; its unit is whatever the BPF
    # program emits and is not established here.
    timestamp = event.timestamp

    # NOTE(review): only dport goes through ntohs(); sport is taken as-is,
    # presumably because it is read in host order from the socket while
    # dport comes from the wire header — confirm against the BPF side.
    connection = {
            'src_ip': from_long_to_ip4(event.saddr),
            'dst_ip': from_long_to_ip4(event.daddr),
            'src_port': event.sport,
            'dst_port': ntohs(event.dport),
            'transport_protocol': 'TCP',
            #'transport_protocol': '%sTCP' % ('MP' if event.proto == 1 else ''),
            # 2 is AF_INET on Linux; any other family is reported as IPv6.
            'ip_version': '4' if event.family == 2 else '6'
    }

    # Remember each distinct connection seen on this socket pointer; a zero
    # sk means no socket was available, so nothing is recorded. The dict
    # object stored here is the same one the src_port fix-up below may
    # patch in place, so the stored entry changes with it.
    if event.sk != 0:
        try:
            if connection not in meta[event.sk]:
                meta[event.sk].append(connection)
        except KeyError:
            meta[event.sk] = [connection]

    header = {'flags': tcp.flags2str(event.flags).split('|')}

    # special case on send RST-ACK, the src port is not defined but is retrieved 
    # through the socket which is used for the connection
    if connection['src_port'] == 0 and event.sk in meta:
        # TODO : check if multiple co collected on the sk
        connection['src_port'] = meta[event.sk][0]['src_port']
        # Debug output left in place; remove or route through logging once
        # the fix-up is validated.
        print(header['flags'])
        print(connection)

    # Canonical key for this connection: sorted items, frozen so it is hashable.
    connection = dict(sorted(connection.items()))
    fco = frozenset(connection.items())

    if 'SYN' in header['flags']:
        header['seq'] = event.seq
        # A bare SYN (no other flag) opens a connection. With proto set
        # (1 = MPTCP per the commented-out line above) and non-zero parent
        # addresses that differ from this 4-tuple, it is a subflow of an
        # existing connection.
        if len(header['flags']) == 1:
            connectivity_type = '%sconnection_started' % ('subflow_' if event.proto and (event.parent_saddr != event.saddr or event.parent_daddr != event.daddr) and event.parent_saddr != 0 and event.parent_daddr != 0 else '')

            # group_id is a deterministic fingerprint of the 4-tuple used as a
            # join key between records; MD5 here is an identifier, not an
            # integrity or authentication control.
            conn_data = [connection['src_ip'], connection['src_port'], connection['dst_ip'], connection['dst_port']]
            group_id = hashlib.md5(json.dumps(conn_data).encode('utf8')).hexdigest()
            log = [timestamp, 'connectivity', connectivity_type, connection, group_id]
            if event.proto == 1 and 'subflow' in connectivity_type:
                # add parent hash if subflow creation
                parent_id = [from_long_to_ip4(event.parent_saddr), event.parent_sport, from_long_to_ip4(event.parent_daddr), ntohs(event.parent_dport)]
                print(parent_id)  # debug output left in place
                log.append(hashlib.md5(json.dumps(parent_id).encode('utf8')).hexdigest())

            events.append(log)
            # For a received SYN the trace key is the mirrored 4-tuple
            # (src/dst swapped). Note that this rebinding of ``fco`` also
            # applies to the transport record appended at the end of the
            # function.
            if event_type == 'rcv':
                new_co = {
                    'src_ip': connection['dst_ip'],
                    'dst_ip': connection['src_ip'],
                    'src_port': connection['dst_port'],
                    'dst_port': connection['src_port'],
                    'transport_protocol': connection['transport_protocol'],
                    'ip_version': connection['ip_version']
                }
                new_co = dict(sorted(new_co.items()))
                fco = frozenset(new_co.items())

            try:
                traces[fco].append(log)
            except KeyError:
                traces[fco] = [log]

    if 'ACK' in header['flags']:
        # A pure ACK carries no sequence range; anything else does.
        if len(header['flags']) > 1:
            header['seq'] = event.seq
            header['end_seq'] = event.end_seq
        header['ack'] = event.ack_seq

    header['win'] = event.win

    transport_type = 'packet_received' if event_type == 'rcv' else 'packet_sent'
    log = [timestamp,  'transport', transport_type, {'header': header}]
    events.append(log)

    # Every event is also filed under its connection key.
    try:
        traces[fco].append(log)
    except KeyError:
        traces[fco] = [log]