def test_observer_icmp_unreachable():
try:
import plt # libtrace may not be available
except:
raise nose.SkipTest
lturi = "pcap:tests/testdata/icmp_unreachable.pcap"
logging.getLogger().setLevel(logging.INFO)
o = Observer(lturi,
new_flow_chain=[basic_flow, icmp_setup],
icmp4_chain=[icmp_unreachable])
q = queue.Queue()
t = threading.Thread(target=o.run_flow_enqueuer,
args=(q,),
daemon=True)
t.start()
unreachables = [
'172.20.152.190',
]
while True:
f = q.get()
if f == SHUTDOWN_SENTINEL:
break
print(f)
assert f['icmp_unreachable'] == (f['dip'] in unreachables)
def create_observer(self, test_trace, chains):
if not test_trace.startswith("/"):
test_trace = pkg_resources.resource_filename(
"pathspider", "tests/data/" + test_trace)
self.lturi = "pcap:" + test_trace
self.observer = Observer(self.lturi, chains)
self.flowqueue = queue.Queue()
def run_observer(args):
logger = logging.getLogger("pathspider")
if args.list_chains:
print("The following chains are available:\n")
for chain in chains:
print(chain.__name__.lower()[:-5])
print("\nSpider safely!")
sys.exit(0)
interface = args.interface
if not ":" in args.interface:
if interface.endswith(".pcap") or interface.startswith("/"):
interface = "pcapfile:" + interface
else:
interface = "int:" + interface
if interface.startswith("int:") and not interface_up(interface[4:]):
logger.error("The chosen interface is not up! Cannot continue.")
logger.error("Try --help for more information.")
sys.exit(1)
logger.info("creating observer...")
chosen_chains = []
for chosen_chain in args.chains:
for chain in chains:
if chosen_chain.lower() + "chain" == chain.__name__.lower():
chosen_chains.append(chain)
if len(args.chains) > len(chosen_chains):
logger.error("Unable to find one or more of the requested chains.")
logger.error("Try --list-chains to list the available chains.")
observer_shutdown_queue = queue.Queue(QUEUE_SIZE)
flowqueue = queue.Queue(QUEUE_SIZE)
observer = Observer(interface, chosen_chains)
logger.info("starting observer...")
threading.Thread(target=observer.run_flow_enqueuer,
args=(flowqueue, observer_shutdown_queue)).start()
logger.info("opening output file " + args.output)
with open(args.output, 'w') as outputfile:
logger.info("registering interrupt...")
def signal_handler(signal, frame):
observer_shutdown_queue.put(True)
signal.signal(signal.SIGINT, signal_handler)
while True:
result = flowqueue.get()
if result == SHUTDOWN_SENTINEL:
logger.info("output complete")
break
outputfile.write(json.dumps(result) + "\n")
logger.debug("wrote a result")
def create_observer(self):
logger = logging.getLogger('tfo')
logger.info("Creating observer")
# try:
return Observer(self.libtrace_uri,
new_flow_chain=[basic_flow, tcp_setup, _tfosetup],
ip4_chain=[basic_count],
ip6_chain=[basic_count],
tcp_chain=[tcp_handshake, tcp_complete, _tfopacket])
def create_observer(self):
"""
Create a flow observer.
This function is called by the base Spider logic to get an instance
of :class:`pathspider.observer.Observer` configured with the function
chains that are requried by the plugin.
"""
self.__logger.info("Creating observer")
if len(self.chains) > 0:
from pathspider.observer import Observer
return Observer(self.libtrace_uri, chains=self.chains) # pylint: disable=no-member
else:
from pathspider.observer import DummyObserver
return DummyObserver()
def create_observer(self):
"""
Creates an observer with ECN-related chain functions.
"""
logger = logging.getLogger('ecn')
logger.info("Creating observer")
try:
return Observer(self.libtrace_uri,
new_flow_chain=[basic_flow, tcp_setup, ecn_setup],
ip4_chain=[basic_count, ecn_code],
ip6_chain=[basic_count, ecn_code],
tcp_chain=[tcp_handshake, tcp_complete])
except:
logger.error("Observer not cooperating, abandon ship")
traceback.print_exc()
sys.exit(-1)
def test_observer_shutdown():
try:
import plt # libtrace may not be available
except:
raise nose.SkipTest
flowqueue = mp.Queue(QUEUE_SIZE)
observer_shutdown_queue = mp.Queue(QUEUE_SIZE)
observer = Observer("pcap:tests/testdata/random.pcap")
observer_process = mp.Process(args=(flowqueue, observer_shutdown_queue),
target=observer.run_flow_enqueuer,
name='observer',
daemon=True)
observer_process.start()
observer_shutdown_queue.put(True)
assert flowqueue.get(True, timeout=3) == SHUTDOWN_SENTINEL
observer_process.join(3)
assert not observer_process.is_alive()
def test_observer_tcp():
try:
import plt # libtrace may not be available
except:
raise nose.SkipTest
lturi = "pcap:tests/testdata/tcp_http.pcap"
logging.getLogger().setLevel(logging.INFO)
o = Observer(lturi,
new_flow_chain=[basic_flow, tcp_setup],
tcp_chain=[tcp_handshake, tcp_complete])
q = queue.Queue()
t = threading.Thread(target=o.run_flow_enqueuer, args=(q, ), daemon=True)
t.start()
flows = []
while True:
f = q.get()
if f == SHUTDOWN_SENTINEL:
break
flows.append(f)
assert len(flows) == 3
print(flows)
dips = []
for flow in flows:
if flow['dip'] == "65.208.228.223":
assert flow['sp'] == 3372
assert flow['dp'] == 80
assert flow['fwd_syn_flags'] == TCP_SYN
assert flow['rev_syn_flags'] == TCP_SYN | TCP_ACK
assert flow['tcp_connected'] == True
assert flow['fwd_fin'] == True
assert flow['rev_fin'] == True
assert flow['fwd_rst'] == False
assert flow['rev_rst'] == False
if flow['dip'] == "216.239.59.99":
assert flow['sp'] == 3371
assert flow['dp'] == 80
assert flow['fwd_syn_flags'] == None
assert flow['rev_syn_flags'] == None
assert flow['tcp_connected'] == False
assert flow['fwd_fin'] == False
assert flow['rev_fin'] == False
assert flow['fwd_rst'] == False
assert flow['rev_rst'] == False
if flow['dip'] == "145.253.2.203":
# This is a UDP flow, it won't be merged as there will not have
# been a job record
assert flow['sp'] == 3009
assert flow['dp'] == 53
assert flow['fwd_syn_flags'] == None
assert flow['rev_syn_flags'] == None
assert flow['tcp_connected'] == False
assert flow['fwd_fin'] == False
assert flow['rev_fin'] == False
assert flow['fwd_rst'] == False
assert flow['rev_rst'] == False
dips.append(flow['dip'])
assert "65.208.228.223" in dips
assert "216.239.59.99" in dips
assert "145.253.2.203" in dips