Ejemplo n.º 1
0
    def runTest(self):
        import pytrap
        import os

        urtempl = "ipaddr IP,uint16 PORT"
        c = pytrap.TrapCtx()
        c.init(["-i", "f:/tmp/pytrap_test"], 0, 1)
        c.setDataFmt(0, pytrap.FMT_UNIREC, urtempl)

        t = pytrap.UnirecTemplate("ipaddr IP,uint16 PORT")
        t.createMessage()
        t.IP = pytrap.UnirecIPAddr("192.168.0.1")
        t.PORT = 123
        c.send(t.getData())
        c.sendFlush()
        c.finalize()

        c = pytrap.TrapCtx()
        c.init(["-i", "f:/tmp/pytrap_test"], 1)
        c.setRequiredFmt(0, pytrap.FMT_UNIREC, urtempl)
        data = c.recv()
        t = pytrap.UnirecTemplate(urtempl)
        t.setData(data)
        self.assertEqual(t.IP, pytrap.UnirecIPAddr("192.168.0.1"))
        self.assertEqual(t.PORT, 123)
        c.finalize()

        os.unlink("/tmp/pytrap_test")
Ejemplo n.º 2
0
 def runTest(self):
     import pytrap
     a = pytrap.UnirecTemplate(
         "ipaddr SRC_IP,time TIME_FIRST,uint32 ABC,uint32 BCD,string TEXT,bytes STREAMBYTES"
     )
     a.createMessage(100)
     self.assertEqual(
         a.getFieldsDict(), {
             'SRC_IP': 0,
             'STREAMBYTES': 5,
             'TEXT': 4,
             'TIME_FIRST': 1,
             'ABC': 2,
             'BCD': 3
         })
     a.SRC_IP = pytrap.UnirecIPAddr("1.2.3.4")
     a.TIME_FIRST = pytrap.UnirecTime(123456)
     a.ABC = 1234
     a.BCD = 54321
     a.STREAMBYTES = bytearray(b"streamtext")
     a.TEXT = "stringmuj text"
     tc = a.strRecord()
     for i in range(100):
         self.assertEqual(tc, a.strRecord())
     a = pytrap.UnirecTemplate(
         "ipaddr DST_IP,time TIME_FIRST,uint32 BCD,string TEXT2,bytes STREAMBYTES"
     )
     self.assertEqual(a.getFieldsDict(), {
         'BCD': 3,
         'DST_IP': 6,
         'TIME_FIRST': 1,
         'STREAMBYTES': 5,
         'TEXT2': 7
     })
     try:
         a.DST_IP = pytrap.UnirecIPAddr("4.4.4.4")
     except:
         pass
     else:
         self.fail("Data was not set, this should raise exception.")
     a.createMessage(100)
     try:
         a.SRC_IP = pytrap.UnirecIPAddr("4.4.4.4")
     except:
         pass
     else:
         self.fail("This template has no SRC_IP.")
     a.DST_IP = pytrap.UnirecIPAddr("4.4.4.4")
     a.STREAMBYTES = bytearray(b"hello")
     valdict = {}
     for name, value in a:
         valdict[name] = value
     self.assertEqual(
         valdict, {
             'STREAMBYTES': bytearray(b'hello'),
             'DST_IP': pytrap.UnirecIPAddr('4.4.4.4'),
             'TIME_FIRST': pytrap.UnirecTime(0),
             'TEXT2': '',
             'BCD': 0
         })
    def runTest(self):
        import pytrap
        a = pytrap.UnirecTemplate(
            "ipaddr SRC_IP,time TIME_FIRST,uint32 ABC,uint32 BCD,string TEXT,bytes STREAMBYTES"
        )
        a.createMessage(100)
        self.assertEqual(
            set(a.getFieldsDict().keys()),
            set(['SRC_IP', 'STREAMBYTES', 'TEXT', 'TIME_FIRST', 'ABC', 'BCD']))
        a.SRC_IP = pytrap.UnirecIPAddr("1.2.3.4")
        a.TIME_FIRST = pytrap.UnirecTime(123456)
        a.ABC = 1234
        a.BCD = 54321
        a.STREAMBYTES = bytearray(b"streamtext")
        a.TEXT = "stringmuj text"
        tc = a.strRecord()
        for i in range(100):
            self.assertEqual(tc, a.strRecord())
        a = pytrap.UnirecTemplate(
            "ipaddr DST_IP,time TIME_FIRST,uint32 BCD,string TEXT2,bytes STREAMBYTES"
        )
        self.assertEqual(
            set(a.getFieldsDict().keys()),
            set(['DST_IP', 'TIME_FIRST', 'BCD', 'STREAMBYTES', 'TEXT2']))

        # Data was not set, this should raise exception.
        with self.assertRaises(pytrap.TrapError):
            a.DST_IP = pytrap.UnirecIPAddr("4.4.4.4")

        a.createMessage(100)

        # This template has no SRC_IP.
        with self.assertRaises(AttributeError):
            a.SRC_IP = pytrap.UnirecIPAddr("4.4.4.4")

        a.DST_IP = pytrap.UnirecIPAddr("4.4.4.4")
        a.STREAMBYTES = bytearray(b"hello")
        valdict = {}
        for name, value in a:
            valdict[name] = value
        self.assertEqual(
            valdict, {
                'STREAMBYTES': bytearray(b'hello'),
                'DST_IP': pytrap.UnirecIPAddr('4.4.4.4'),
                'TIME_FIRST': pytrap.UnirecTime(0),
                'TEXT2': '',
                'BCD': 0
            })
Ejemplo n.º 4
0
    def runTest(self):
        import pytrap
        a = pytrap.UnirecTemplate(
            "ipaddr SRC_IP,time TIME_FIRST,uint32 ABC,uint32 BCD,string TEXT,bytes STREAMBYTES"
        )
        data = bytearray(
            b'\x00\x00\x00\x00\x00\x00\x00\x00\x0A\x00\x00\x01\xff\xff\xff\xff\xc8\x76\xbe\xff\xe3\x2b\x6c\x57\x00\x00\x00\x01\x00\x00\x00\x02\x06\x00\x04\x00\x00\x00\x06\x00abcdef\xde\xad\xfe\xed'
        )
        a.setData(data)
        self.assertEqual(len(a), 6, "Number of fields differs, 6 expected.")
        self.assertEqual(
            str(a),
            "(ipaddr SRC_IP,time TIME_FIRST,uint32 ABC,uint32 BCD,bytes STREAMBYTES,string TEXT)"
        )
        d = a.getFieldsDict()
        self.assertEqual(type(d), dict)
        self.assertEqual(
            d, {
                'TIME_FIRST': 1,
                'ABC': 2,
                'BCD': 3,
                'TEXT': 4,
                'STREAMBYTES': 5,
                'SRC_IP': 0
            })

        self.assertEqual(a.get(data, "SRC_IP"),
                         pytrap.UnirecIPAddr("10.0.0.1"))
        self.assertEqual(a.get(data, "SRC_IP"), a.getByID(data, 0))
        self.assertEqual(a.get(data, "SRC_IP"), a.SRC_IP)

        self.assertEqual(a.get(data, "TIME_FIRST"), a.getByID(data, 1))
        self.assertEqual(a.get(data, "TIME_FIRST"),
                         pytrap.UnirecTime(1466706915, 999))
        self.assertEqual(a.get(data, "TIME_FIRST"), a.TIME_FIRST)

        self.assertEqual(a.get(data, "ABC"), 16777216)
        self.assertEqual(a.get(data, "ABC"), a.getByID(data, 2))
        self.assertEqual(a.get(data, "ABC"), a.ABC)

        self.assertEqual(a.get(data, "BCD"), 33554432)
        self.assertEqual(a.get(data, "BCD"), a.getByID(data, 3))
        self.assertEqual(a.get(data, "BCD"), a.BCD)

        self.assertEqual(a.get(data, "TEXT"), "abcdef")
        self.assertEqual(a.get(data, "TEXT"), a.getByID(data, 4))
        self.assertEqual(a.get(data, "TEXT"), a.TEXT)
        self.assertEqual(type(a.get(data, "STREAMBYTES")), bytearray)
        self.assertEqual(a.get(data, "STREAMBYTES"),
                         bytearray(b'\xde\xad\xfe\xed'))
        self.assertEqual(a.get(data, "STREAMBYTES"), a.getByID(data, 5))
        self.assertEqual(a.get(data, "STREAMBYTES"), a.STREAMBYTES)
        stream = a.get(data, "STREAMBYTES")
        self.assertEqual(" ".join([hex(i) for i in stream]),
                         "0xde 0xad 0xfe 0xed")
Ejemplo n.º 5
0
    def dns_aaaa(self, urinput, namefield):
        """Return the first resolved ip6 address for the domain name.

        The domain name is specified in _addrfield_ of _urinput_. The
        ip6 address is returned as an ipaddr. If no address can be
        resolved :: is returned."""
        try:
            return pytrap.UnirecIPAddr(
                socket.getaddrinfo(
                    getattr(urinput, namefield),
                    # fudge port
                    0,
                    # truncate list of answers to first
                    # and select the address
                    socket.AF_INET6)[0][4][0])
        except Exception as err:  # pylint:disable=broad-except
            print("Error: Received exception {}"
                  " doing aaaa lookup for {}".format(
                      err, getattr(urinput, namefield, "unavailable name")))
            return pytrap.UnirecIPAddr("::")
def do_detection(rec):
    global alert, c
    # TODO write your algorithm into this method

    # TODO and send an alert
    if rec.DST_PORT == 6666 or rec.SRC_IP == pytrap.UnirecIPAddr("192.168.1.1"):
        print(rec.strRecord())
        # fill-in alert:
        alert.SRC_IP = rec.SRC_IP
        alert.DST_IP = rec.DST_IP
        alert.SRC_PORT = rec.SRC_PORT
        alert.DST_PORT = rec.DST_PORT
                alert.EVENT_TIME = rec.TIME_FIRST
        # send alert
        trap.send(alert.getData(), 0)
    def runTest(self):
        import pytrap
        a = pytrap.UnirecTemplate(
            "ipaddr SRC_IP,time TIME_FIRST,uint32 ABC,uint32 BCD,string TEXT,bytes STREAMBYTES"
        )
        data = a.createMessage(100)
        for i in range(100):
            getdata = a.getData()
            # size of created (allocated) message and retrieved message differs (due to non-filled variable fields)
            self.assertEqual(data[:len(getdata)], getdata)

        a.ABC = 666
        self.assertEqual(a.ABC, 666)
        a.SRC_IP = pytrap.UnirecIPAddr("147.32.1.1")
        self.assertEqual(a.SRC_IP, pytrap.UnirecIPAddr("147.32.1.1"))
        a.setByID(data, 0, pytrap.UnirecIPAddr("fd7c:e770:9b8a::465"))
        self.assertEqual(a.SRC_IP, pytrap.UnirecIPAddr("fd7c:e770:9b8a::465"))
        a.set(data, "SRC_IP", pytrap.UnirecIPAddr("10.0.0.1"))
        self.assertEqual(a.SRC_IP, pytrap.UnirecIPAddr("10.0.0.1"))

        a.TIME_FIRST = pytrap.UnirecTime(666, 0)
        self.assertEqual(a.TIME_FIRST, pytrap.UnirecTime(666, 0))
        a.setByID(data, 1, pytrap.UnirecTime(1234, 666))
        self.assertEqual(a.TIME_FIRST, pytrap.UnirecTime(1234, 666))
        a.set(data, "TIME_FIRST", pytrap.UnirecTime(1468962758, 166))
        self.assertEqual(a.TIME_FIRST, pytrap.UnirecTime(1468962758, 166))

        a.TEXT = "different text"
        self.assertEqual(a.TEXT, "different text")
        a.setByID(data, 4, "my long text")
        self.assertEqual(a.TEXT, "my long text")
        a.set(data, "TEXT", "long text")
        self.assertEqual(a.TEXT, "long text")

        a.STREAMBYTES = bytearray(b"he\x01\x01")
        self.assertEqual(a.STREAMBYTES, bytearray(b"he\x01\x01"))
        a.STREAMBYTES = bytes(b"\xca\xfe")
        self.assertEqual(a.STREAMBYTES, bytes(b"\xca\xfe"))
        a.setByID(data, 5, bytes(b"\xde\xad\xbe\xef"))
        self.assertEqual(a.STREAMBYTES, bytes(b"\xde\xad\xbe\xef"))

        data = a.createMessage(100)
        a.setByID(data, 2, int(1234))
        a.ABC = int(1)
        self.assertEqual(a.ABC, int(1))
        a.set(data, "ABC", int(666))
        self.assertEqual(a.ABC, int(666))
        a.ABC = int(222)
        self.assertEqual(a.ABC, int(222))
        # overflow
        a.ABC = int(4294967296)
        self.assertEqual(a.ABC, int(0))
Ejemplo n.º 8
0
print(type(t.getTimeAsFloat()))
t2 = pytrap.UnirecTime(10, 100)
print("t + t2")
print(t + t2)
print("t + 1000000000")
constint = 1000000000
print(type(constint))
print(t + constint)
print("t + -1000000000")
print(t + -constint)
fl = float(t)
print(type(fl))
print(fl)

print("UnirecIPAddr")
t = pytrap.UnirecIPAddr("192.168.0.1")
print(t)

import pdb
#pdb.set_trace()
print("\n\nSetters")

a.set(2, data, int(1234))
print("GET 2")
print(a.get(2, data))
a.set(2, data, int(1))
print("GET 2")
print(a.get(2, data))
a.set(2, data, int(222))
print("GET 2")
print(a.get(2, data))
    def runTest(self):
        import pytrap
        try:
            ip1 = pytrap.UnirecIPAddrRange("1.2.3.4")
            self.fail("2 arguments or <ip>/<netmask> are required")
        except:
            pass
        try:
            ip1 = pytrap.UnirecIPAddrRange(pytrap.UnirecIPAddr("1.2.3.4"))
            self.fail("2 arguments or <ip>/<netmask> are required")
        except:
            pass
        try:
            ip1 = pytrap.UnirecIPAddrRange(1, 2)
            self.fail("Integer arguments are not supported.")
        except:
            pass
        ip1 = pytrap.UnirecIPAddrRange("192.168.3.1/24")
        self.assertEqual(ip1, ip1)
        self.assertEqual(type(ip1), pytrap.UnirecIPAddrRange, "Bad type of IP address Range object.")
        self.assertEqual(str(ip1), "192.168.3.0 - 192.168.3.255", "IP address is not equal to its str().")
        self.assertEqual(repr(ip1), "UnirecIPAddrRange(UnirecIPAddr('192.168.3.0'), UnirecIPAddr('192.168.3.255'))",
                         "IP address is not equal to its repr().")

        self.assertTrue(ip1.start.isIPv4(), "IPv6 was recognized as IPv4.")
        self.assertFalse(ip1.start.isIPv6(), "IPv6 was not recognized.")
        self.assertEqual(ip1.start.isIPv4(), ip1.end.isIPv4(), "IPv4 was not recognized.")
        self.assertEqual(ip1.start.isIPv6(), ip1.end.isIPv6(), "IPv4 was recognized as IPv6.")

        ip2 = pytrap.UnirecIPAddrRange("192.168.0.1/24")
        ip3 = pytrap.UnirecIPAddrRange("192.168.3.1/24")
        self.assertFalse(ip1 == ip2, "Comparison of different IP addresses failed.")
        self.assertFalse(ip1 <= ip2, "Comparison of the same IP addresses failed.")
        self.assertFalse(ip2 >= ip1, "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 != ip3, "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 < ip3, "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 > ip3, "Comparison of the same IP addresses failed.")

        ip1 = pytrap.UnirecIPAddrRange("192.168.3.1/32")
        self.assertEqual(ip1.start, ip1.end)
        ip1 = pytrap.UnirecIPAddrRange("192.168.3.1", "192.168.3.1")
        self.assertEqual(ip1.start, ip1.end)
        ip1 = pytrap.UnirecIPAddrRange(pytrap.UnirecIPAddr("192.168.4.1"), pytrap.UnirecIPAddr("192.168.4.1"))
        self.assertEqual(ip1.start, ip1.end)

        ip1 = pytrap.UnirecIPAddrRange("fd7c:e770:9b8a::465/64")
        self.assertEqual(type(ip1), pytrap.UnirecIPAddrRange, "Bad type of IP address object.")
        self.assertEqual(str(ip1), "fd7c:e770:9b8a:: - fd7c:e770:9b8a:0:ffff:ffff:ffff:ffff",
                         "IP address is not equal to its str().")
        self.assertEqual(repr(ip1), "UnirecIPAddrRange(UnirecIPAddr('fd7c:e770:9b8a::'), UnirecIPAddr('fd7c:e770:9b8a:0:ffff:ffff:ffff:ffff'))",
                         "IP address is not equal to its repr().")

        self.assertFalse(ip1.start.isIPv4(), "IPv6 was not recognized.")
        self.assertTrue(ip1.start.isIPv6(), "IPv6 was recognized as IPv4.")
        self.assertEqual(ip1.start.isIPv4(), ip1.end.isIPv4(), "IPv4 was not recognized.")
        self.assertEqual(ip1.start.isIPv6(), ip1.end.isIPv6(), "IPv4 was recognized as IPv6.")

        ip1 = pytrap.UnirecIPAddrRange("fd7c:e770:9b8a::465/128")
        self.assertEqual(ip1.start, ip1.end)
        ip1 = pytrap.UnirecIPAddrRange("fd7c:e770:9b8a::465", "fd7c:e770:9b8a::465")
        self.assertEqual(ip1.start, ip1.end)
        ip1 = pytrap.UnirecIPAddrRange(pytrap.UnirecIPAddr("fd7c:e770:9b8a::465"),
                                       pytrap.UnirecIPAddr("fd7c:e770:9b8a::465"))
        self.assertEqual(ip1.start, ip1.end)

        intex = pytrap.UnirecIPAddrRange("192.168.1.0", "192.168.1.255")

        self.assertTrue(pytrap.UnirecIPAddr("192.168.1.0") in intex, "in test: first ip - fail")
        self.assertTrue(pytrap.UnirecIPAddr("192.168.1.255") in intex, "in test: last ip - fail")
        self.assertTrue(pytrap.UnirecIPAddr("192.168.1.125") in intex, "in test: mid ip - fail")
        self.assertFalse(pytrap.UnirecIPAddr("192.168.0.255") in intex, "in test: low match - fail")
        self.assertFalse(pytrap.UnirecIPAddr("10.10.10.0") in intex, "in test: low match - fail")
        self.assertFalse(pytrap.UnirecIPAddr("192.168.2.0") in intex, "in test: great match - fail")
        self.assertFalse(pytrap.UnirecIPAddr("255.255.255.255") in intex, "in test: great match - fail")

        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.1.0")), 0, "in test: first ip - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.1.255")), 0, "in test: last ip - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.1.125")),  0, "in test: mid ip - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.0.255")), -1, "in test: low match - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("10.10.10.0")), -1, "in test: low match - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.2.0")), 1, "in test: great match - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("255.255.255.255")), 1, "in test: great match - fail")


        intex2 = pytrap.UnirecIPAddrRange("192.168.1.128", "192.168.2.172")
        result = intex.isOverlap(intex2)
        self.assertTrue(result, "isOverlap - match IPAddr in interval - fail")

        intex2 = pytrap.UnirecIPAddrRange("192.168.2.0", "192.168.2.128")
        result = intex.isOverlap(intex2)
        self.assertFalse(result, "isOverlap - no match IPAddr in interval -fail")

        intex2 = pytrap.UnirecIPAddrRange("192.168.2.0", "192.168.2.128")
        result = intex == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = pytrap.UnirecIPAddrRange(pytrap.UnirecIPAddr("192.168.1.0"), "192.168.2.128")
        result = intex == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = pytrap.UnirecIPAddrRange("192.168.1.128/25")
        result = intex == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = pytrap.UnirecIPAddrRange("192.168.1.0", pytrap.UnirecIPAddr("192.168.1.255"))
        result = intex == intex2
        self.assertTrue(result, "Equal operator - eq - fail")
    def runTest(self):
        import pytrap
        ip1 = pytrap.UnirecIPAddr("192.168.3.1")
        self.assertEqual(ip1, ip1)
        self.assertEqual(type(ip1), pytrap.UnirecIPAddr, "Bad type of IP address object.")
        self.assertEqual(str(ip1),  "192.168.3.1", "IP address is not equal to its str().")
        self.assertEqual(repr(ip1), "UnirecIPAddr('192.168.3.1')", "IP address is not equal to its repr().")

        self.assertTrue(ip1.isIPv4(),  "IPv4 was not recognized.")
        self.assertFalse(ip1.isIPv6(), "IPv4 was recognized as IPv6.")

        ip2 = pytrap.UnirecIPAddr("192.168.0.1")
        ip3 = pytrap.UnirecIPAddr("192.168.3.1")
        self.assertFalse(ip1 == ip2, "Comparison of different IP addresses failed.")
        self.assertFalse(ip1 <= ip2, "Comparison of the same IP addresses failed.")
        self.assertFalse(ip2 >= ip1, "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 != ip3, "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1  < ip3, "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1  > ip3, "Comparison of the same IP addresses failed.")

        ip1 = pytrap.UnirecIPAddr("fd7c:e770:9b8a::465")
        self.assertEqual(type(ip1), pytrap.UnirecIPAddr, "Bad type of IP address object.")
        self.assertEqual(str(ip1), "fd7c:e770:9b8a::465", "IP address is not equal to its str().")
        self.assertEqual(repr(ip1), "UnirecIPAddr('fd7c:e770:9b8a::465')", "IP address is not equal to its repr().")
        self.assertFalse(ip1.isIPv4(), "IPv6 was not recognized.")
        self.assertTrue(ip1.isIPv6(), "IPv6 was recognized as IPv4.")

        d = dict()
        i1 = pytrap.UnirecIPAddr("0:0:0:1::")
        i2 = pytrap.UnirecIPAddr("::1")
        i3 = pytrap.UnirecIPAddr("8.8.8.8")
        d[i1] = 1
        d[i2] = 2
        d[i3] = 3
        self.assertEqual(d[i3], 3)
        self.assertEqual(d[i1], 1)
        self.assertEqual(d[i2], 2)
        i4 = pytrap.UnirecIPAddr("8.8.4.4")
        try:
            print(d[i4])
            self.fail("IP address shouldn't be in dict")
        except:
            pass
        try:
            i = pytrap.UnirecIPAddr(0)
            self.fail("Only string is a valid argument of UnirecIPAddr()")
        except:
            pass
        i = pytrap.UnirecIPAddr("::")
        self.assertTrue(i.isNull())
        self.assertFalse(i)
        i = pytrap.UnirecIPAddr("::1")
        self.assertFalse(i.isNull())
        self.assertTrue(i)
        i = pytrap.UnirecIPAddr("0.0.0.0")
        self.assertTrue(i.isNull())
        self.assertFalse(i)
        i = pytrap.UnirecIPAddr("1.2.3.4")
        self.assertFalse(i.isNull())
        self.assertTrue(i)
    def runTest(self):
        import pytrap
        a = pytrap.UnirecTemplate("ipaddr IP,time TIME,uint64 U64,uint32 U32,uint16 U16,uint8 U8,int64 I64,int32 I32,int16 I16,int8 I8,float FL,double DB,char CHR,string TEXT,bytes STREAMBYTES")
        a.createMessage(100)
        a.IP = pytrap.UnirecIPAddr("1.2.3.4")
        a.TIME = pytrap.UnirecTime(123456)
        a.U64 = 0x100000000
        a.U32 = 0x10000
        a.U16 = 0x100
        a.U8 = 0x1
        a.I64 = -1
        a.I32 = -1
        a.I16 = -1
        a.I8 = -1
        a.FL = 1.234
        a.DB = 1.234
        #a.CHR = "a"
        a.TEXT = "text"
        a.STREAMBYTES = b"streambytes"

        self.assertTrue(a.IP == pytrap.UnirecIPAddr("1.2.3.4"))
        self.assertTrue(a.TIME == pytrap.UnirecTime(123456))
        self.assertTrue(a.U64 == 0x100000000)
        self.assertTrue(a.U32 == 0x10000)
        self.assertTrue(a.U16 == 0x100)
        self.assertTrue(a.U8 == 0x1)
        self.assertTrue(a.I64 == -1)
        self.assertTrue(a.I32 == -1)
        self.assertTrue(a.I16 == -1)
        self.assertTrue(a.I8 == b'\xff')
        self.assertTrue(1.234 - a.FL < 1e-7)
        self.assertTrue(a.DB == 1.234)
        #self.assertTrue(a.CHR == "a")
        self.assertTrue(a.TEXT == "text")
        self.assertTrue(a.STREAMBYTES == b"streambytes")

        # Check types
        self.assertEqual(type(a.IP), pytrap.UnirecIPAddr)
        self.assertEqual(type(a.TIME), pytrap.UnirecTime)
        self.assertEqual(type(a.U64), long)
        self.assertEqual(type(a.U32), int)
        self.assertEqual(type(a.U16), int)
        self.assertEqual(type(a.U8), int)
        self.assertEqual(type(a.I64), long)
        self.assertEqual(type(a.I32), int)
        self.assertEqual(type(a.I16), int)
        self.assertEqual(type(a.I8), bytes)
        self.assertEqual(type(a.CHR), int)
        self.assertEqual(type(a.FL), float)
        self.assertEqual(type(a.DB), float)
        self.assertEqual(type(a.TEXT), str)
        self.assertEqual(type(a.STREAMBYTES), bytearray)

        self.assertEqual(a.getFieldType("IP"), pytrap.UnirecIPAddr)
        self.assertEqual(a.getFieldType("TIME"), pytrap.UnirecTime)
        self.assertEqual(a.getFieldType("U64"), long)
        self.assertEqual(a.getFieldType("U32"), long)
        self.assertEqual(a.getFieldType("U16"), long)
        self.assertEqual(a.getFieldType("U8"), long)
        self.assertEqual(a.getFieldType("I64"), long)
        self.assertEqual(a.getFieldType("I32"), long)
        self.assertEqual(a.getFieldType("I16"), long)
        self.assertEqual(a.getFieldType("I8"), long)
        self.assertEqual(a.getFieldType("CHR"), long)
        self.assertEqual(a.getFieldType("FL"), float)
        self.assertEqual(a.getFieldType("DB"), float)
        self.assertEqual(a.getFieldType("TEXT"), str)
        self.assertEqual(a.getFieldType("STREAMBYTES"), bytearray)
Ejemplo n.º 12
0
        def runTest(self):
            import ip_prefix_search
            import pytrap

            input_data_v4 = [
                ["192.168.1.5/25", "a"],
                ["192.168.1.2/24", "b"],
                ["192.168.1.130/25", "c"],
                ["192.168.1.7/26", "d"],
                ["192.168.1.250/26", "e"],
                ["192.168.2.0/24", "f"],
                ["192.168.1.150/28", "g"],
                ["192.255.255.255/32", "h"],
                ["0.0.0.0/1", "i"],
                ["255.255.255.255/2", "j"],
                ["0.0.0.0/32 ", "k"],
                ["10.10.10.10/32", "l"]
            ]
            result_ip_v4 = [
                ["0.0.0.0", "0.0.0.0", ['i', 'k']],
                ["0.0.0.1", "10.10.10.9", ['i']],
                ["10.10.10.10", "10.10.10.10", ['i', 'l']],
                ["10.10.10.11", "127.255.255.255", ['i']],
                ["192.0.0.0", "192.168.0.255", ['j']],
                ["192.168.1.0", "192.168.1.63", ['j', 'b', 'a', 'd']],
                ["192.168.1.64", "192.168.1.127", ['j', 'b', 'a']],
                ["192.168.1.128", "192.168.1.143", ['j', 'b', 'c']],
                ["192.168.1.144", "192.168.1.159", ['j', 'b', 'c', 'g']],
                ["192.168.1.160", "192.168.1.191", ['j', 'b', 'c']],
                ["192.168.1.192", "192.168.1.255", ['j', 'b', 'c', 'e']],
                ["192.168.2.0", "192.168.2.255", ['j', 'f']],
                ["192.168.3.0", "192.255.255.254", ['j']],
                ["192.255.255.255", "192.255.255.255", ['j', 'h']],
                ["193.0.0.0", "255.255.255.255", ['j']]
            ]

            input_data_v6 = [
                ["ff37:3b22:507d:a4f9:0:0:a:a/64", "a"],
                ["fd37:3b22:507d:a4f9:0:0:1:1/64", "b"],
                ["fd37:3b22:507d:a4f9:7000:0:0:0/65", "c"],
                ["fd37:3b22:507d:a4f9::0:1:20/67", "d"],
                ["fd37:3b22:507d:a4f9:ffff:ffff:ff:0/67", "e"],
                ["fd37:3b22:507d:a500:0:0:0:0/64", "f"],
                ["fd37:3b22:507d:a4f9:ffff:fe00:abab:0/70", "g"],
                ["fd37:3b22:ffff:ffff:ffff:ffff:ffff:ffff/128", "h"],
                ["0::0/1", "i"],
                ["ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/2", "j"],
                ["0::0/128", "k"],
                ["10:10:10::10/128", "l"]
            ]
            result_ip_v6 = [
                   ["::", "0000:0000:0000:0000:0000:0000:0000:0000", ['i', 'k']],
                   ["::0001", "0010:0010:0010:0000:0000:0000:0000:000f", ['i']],
                   ["0010:0010:0010:0000:0000:0000:0000:0010", "0010:0010:0010:0000:0000:0000:0000:0010", ['i', 'l']],
                   ["0010:0010:0010:0000:0000:0000:0000:0011", "7fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", ['i']],
                   ["c000:0000:0000:0000:0000:0000:0000:0000", "fd37:3b22:507d:a4f8:ffff:ffff:ffff:ffff", ['j']],
                   ["fd37:3b22:507d:a4f9:0000:0000:0000:0000", "fd37:3b22:507d:a4f9:1fff:ffff:ffff:ffff", ['j', 'b', 'c', 'd']],
                   ["fd37:3b22:507d:a4f9:2000:0000:0000:0000", "fd37:3b22:507d:a4f9:7fff:ffff:ffff:ffff", ['j', 'b', 'c']],
                   ["fd37:3b22:507d:a4f9:8000:0000:0000:0000", "fd37:3b22:507d:a4f9:dfff:ffff:ffff:ffff", ['j', 'b']],
                   ["fd37:3b22:507d:a4f9:e000:0000:0000:0000", "fd37:3b22:507d:a4f9:fbff:ffff:ffff:ffff", ['j', 'b', 'e']],
                   ["fd37:3b22:507d:a4f9:fc00:0000:0000:0000", "fd37:3b22:507d:a4f9:ffff:ffff:ffff:ffff", ['j', 'b', 'e', 'g']],
                   ["fd37:3b22:507d:a4fa:0000:0000:0000:0000", "fd37:3b22:507d:a4ff:ffff:ffff:ffff:ffff", ['j']],
                   ["fd37:3b22:507d:a500:0000:0000:0000:0000", "fd37:3b22:507d:a500:ffff:ffff:ffff:ffff", ['j', 'f']],
                   ["fd37:3b22:507d:a501:0000:0000:0000:0000", "fd37:3b22:ffff:ffff:ffff:ffff:ffff:fffe", ['j']],
                   ["fd37:3b22:ffff:ffff:ffff:ffff:ffff:ffff", "fd37:3b22:ffff:ffff:ffff:ffff:ffff:ffff", ['j', 'h']],
                   ["fd37:3b23:0000:0000:0000:0000:0000:0000", "ff37:3b22:507d:a4f8:ffff:ffff:ffff:ffff", ['j']],
                   ["ff37:3b22:507d:a4f9:0000:0000:0000:0000", "ff37:3b22:507d:a4f9:ffff:ffff:ffff:ffff", ['j', 'a']],
                   ["ff37:3b22:507d:a4fa:0000:0000:0000:0000", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", ['j']]
            ]

            context = ip_prefix_search.IPPSContext([ip_prefix_search.IPPSNetwork(line[0], line[1]) for line in input_data_v4])

            for index, interval in enumerate(context.interval_list_v4):
                intex = ip_prefix_search.IPPSInterval(result_ip_v4[index][0],
                                     result_ip_v4[index][1],
                                     data=result_ip_v4[index][2])

                self.assertEqual(interval.start, intex.start, "IPv4 init low ip fail")
                self.assertEqual(interval.end, intex.end, "IPv4 init high ip fail")
                self.assertEqual(interval.get_data(), intex.get_data(), "IPv4 init data fail")

            context = ip_prefix_search.IPPSContext(
                [ip_prefix_search.IPPSNetwork(line[0], line[1]) for line in input_data_v6])

            for index, interval in enumerate(context.interval_list_v6):
                intex = ip_prefix_search.IPPSInterval(result_ip_v6[index][0],
                                     result_ip_v6[index][1],
                                     data=result_ip_v6[index][2])

                self.assertEqual(interval.start, intex.start,
                                 "IPv6 init low ip fail {}  {}".format(interval.start, intex.start))
                self.assertEqual(interval.end, intex.end, "IPv6 init high ip fail {}   {}".format(interval.end, intex.end))
                self.assertEqual(interval.get_data(), intex.get_data(), "IPv6 init data fail")

            networks = []

            for line_v4, line_v6 in zip(input_data_v4, input_data_v6):
                networks.append(ip_prefix_search.IPPSNetwork(line_v4[0], line_v4[1]))
                networks.append(ip_prefix_search.IPPSNetwork(line_v6[0], line_v6[1]))

            context = ip_prefix_search.IPPSContext(networks)

            for index, interval in enumerate(context.interval_list_v4):
                intex = ip_prefix_search.IPPSInterval(result_ip_v4[index][0],
                                     result_ip_v4[index][1],
                                     data=result_ip_v4[index][2])

                self.assertEqual(interval.start, intex.start, "IPv4 in mix init, low ip fail")
                self.assertEqual(interval.end, intex.end, "IPv4 in mix init, high ip fail")
                self.assertEqual(interval.get_data(), intex.get_data(), "IPv4 in mix init, data fail")

            for index, interval in enumerate(context.interval_list_v6):
                intex = ip_prefix_search.IPPSInterval(result_ip_v6[index][0],
                                     result_ip_v6[index][1],
                                     data=result_ip_v6[index][2])

                self.assertEqual(interval.start, intex.start, "IPv6 in mix init, low ip fail")
                self.assertEqual(interval.end, intex.end, "IPv6 in mix init, high ip fail")
                self.assertEqual(interval.get_data(), intex.get_data(), "IPv6 in mix init, data fail")

            networks = []

            for line_v4, line_v6 in zip(input_data_v4, input_data_v6):
                networks.append(ip_prefix_search.IPPSNetwork(line_v4[0], line_v4[1]))
                networks.append(ip_prefix_search.IPPSNetwork(line_v6[0], line_v6[1]))

            context = ip_prefix_search.IPPSContext(networks)

            self.assertEqual(context.ip_search(pytrap.UnirecIPAddr("0.0.0.0")), ['i', 'k'],
                             "IP search - lowest ip address search - fail")
            self.assertEqual(context.ip_search(pytrap.UnirecIPAddr("255.255.255.255")), ['j'],
                             "IP search - highest ip address search - fail")
            self.assertEqual(context.ip_search(pytrap.UnirecIPAddr("192.168.1.165")), ['j', 'b', 'c'],
                             "IP search - middle ip address search - fail")
            self.assertEqual(context.ip_search(pytrap.UnirecIPAddr("192.168.3.0")), ['j'],
                             "IP search - middle ip address search - fail")
            self.assertFalse(context.ip_search(pytrap.UnirecIPAddr("130.255.255.255")),
                             "IP search - no match ip address search - fail")
            self.assertFalse(context.ip_search(pytrap.UnirecIPAddr("191.255.255.255")),
                             "IP search - no match ip address search - fail")
            self.assertFalse(context.ip_search(pytrap.UnirecIPAddr("128.0.0.0")),
                             "IP search - no match ip address search - fail")

            self.assertEqual(context.ip_search(pytrap.UnirecIPAddr("0::0")), ['i', 'k'],
                             "IP search - lowest ip address search - fail")
            self.assertEqual(context.ip_search(pytrap.UnirecIPAddr("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")), ['j'],
                             "IP search - highest ip address search - fail")
            self.assertEqual(context.ip_search(pytrap.UnirecIPAddr("fd37:3b22:507d:a4f9:8000:00aa:0000:aaa")), ['j', 'b'],
                             "IP search - middle ip address search - fail")
            self.assertEqual(context.ip_search(pytrap.UnirecIPAddr("fd37:3b22:507d:a501:0000:0000:0000:0000")), ['j'],
                             "IP search - middle ip address search - fail")
            self.assertEqual(context.ip_search(pytrap.UnirecIPAddr("7fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")), ['i'],
                             "IP search - middle ip address search - fail")
            self.assertFalse(context.ip_search(pytrap.UnirecIPAddr("8000:0000:0000:0000:0000:0000:0000:0000")),
                             "IP search - no match ip address search - fail")
            self.assertFalse(context.ip_search(pytrap.UnirecIPAddr("9000:abcd:123:5678:2456:abce:eee:ffee")),
                             "IP search - no match ip address search - fail")
            self.assertFalse(context.ip_search(pytrap.UnirecIPAddr("bfff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")),
                             "IP search - no match ip address search - fail")
Ejemplo n.º 13
0
    def runTest(self):
        import ip_prefix_search
        import pytrap
        intex = ip_prefix_search.IPPSInterval("192.168.1.0/24")
        self.assertIsInstance(intex, ip_prefix_search.IPPSInterval)
        self.assertIsInstance(intex.start, pytrap.UnirecIPAddr)
        self.assertIsInstance(intex.end, pytrap.UnirecIPAddr)
        self.assertTrue(intex.start.isIPv4)
        self.assertTrue(intex.end.isIPv4)

        self.assertEqual(ip_prefix_search.IPPSInterval("192.168.1.0/24").get_data(), [], "get_data() test: empty data - fail")

        self.assertEqual(ip_prefix_search.IPPSInterval("192.168.1.0/24", data="aaa").get_data(), ['aaa'], "get_data() test: init data - fail")

        intex = ip_prefix_search.IPPSInterval("192.168.1.0", "192.168.1.255", "aaa")
        intex.add_data("bbb")
        self.assertEqual(intex.get_data(), ['aaa', 'bbb'], "add_data() test: simple data - fail")
        self.assertEqual(len(intex), 2, "add_data() test: simple data length - fail")

        self.assertTrue(pytrap.UnirecIPAddr("192.168.1.0") in intex, "in test: first ip - fail")
        self.assertTrue(pytrap.UnirecIPAddr("192.168.1.255") in intex, "in test: last ip - fail")
        self.assertTrue(pytrap.UnirecIPAddr("192.168.1.125") in intex, "in test: mid ip - fail")
        self.assertFalse(pytrap.UnirecIPAddr("192.168.0.255") in intex, "in test: low match - fail")
        self.assertFalse(pytrap.UnirecIPAddr("10.10.10.0") in intex, "in test: low match - fail")
        self.assertFalse(pytrap.UnirecIPAddr("192.168.2.0") in intex, "in test: great match - fail")
        self.assertFalse(pytrap.UnirecIPAddr("255.255.255.255") in intex, "in test: great match - fail")

        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.1.0")), 0, "in test: first ip - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.1.255")), 0, "in test: last ip - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.1.125")),  0, "in test: mid ip - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.0.255")), -1, "in test: low match - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("10.10.10.0")), -1, "in test: low match - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.2.0")), 1, "in test: great match - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("255.255.255.255")), 1, "in test: great match - fail")

        intex.add_data(["ccc", "ddd"])
        self.assertEqual(intex.get_data(), ['aaa', 'bbb', 'ccc', 'ddd'], "add_data() test: multiple data - fail")
        self.assertEqual(len(intex), 4, "add_data() test: multiple data length - fail")

        intex2 = ip_prefix_search.IPPSInterval("192.168.1.128", "192.168.2.172")
        result = intex.isOverlap(intex2)
        self.assertTrue(result, "isOverlap - match IPAddr in interval - fail")

        intex2 = ip_prefix_search.IPPSInterval("192.168.2.0", "192.168.2.128")
        result = intex.isOverlap(intex2)
        self.assertFalse(result, "isOverlap - no match IPAddr in interval -fail")

        intex2 = ip_prefix_search.IPPSInterval("192.168.2.0", "192.168.2.128")
        result = intex == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = ip_prefix_search.IPPSInterval(pytrap.UnirecIPAddr("192.168.1.0"), "192.168.2.128")
        result = intex == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = ip_prefix_search.IPPSInterval("192.168.1.128/25")
        result = intex == intex2
        self.assertFalse(result,  "Equal operator - not eq - fail")

        intex2 = ip_prefix_search.IPPSInterval("192.168.1.0", pytrap.UnirecIPAddr("192.168.1.255"))
        result = intex == intex2
        self.assertTrue(result, "Equal operator - eq - fail")
        self.assertEqual(len(intex2), 0, "init data test: simple data length - fail")

        first = ip_prefix_search.IPPSInterval("fd71:5693:e769:fc3f::/64")
        self.assertIsInstance(first, ip_prefix_search.IPPSInterval)
        self.assertIsInstance(first.start, pytrap.UnirecIPAddr)
        self.assertIsInstance(first.end, pytrap.UnirecIPAddr)
        self.assertTrue(first.start.isIPv6)
        self.assertTrue(first.end.isIPv6)

        self.assertEqual(first.get_data(), [], "get_data() test: empty data - fail")
        self.assertEqual(ip_prefix_search.IPPSInterval("fd71:5693:e769:fc3f::/64", data="aaa").get_data(), ['aaa'],
                         "get_data() test: init data - fail")

        first = ip_prefix_search.IPPSInterval("fd71:5693:e769:fc3f:0:0:0:0", "fd71:5693:e769:fc3f:ffff:ffff:ffff:ffff", "aaa")
        first.add_data("bbb")
        self.assertEqual(first.get_data(), ['aaa', 'bbb'], "add_data() test: simple data - fail")
        self.assertEqual(len(first), 2, "add_data() test: simple data length - fail")

        self.assertTrue(pytrap.UnirecIPAddr("fd71:5693:e769:fc3f:0:0:0:0") in first,
                        "ip_match() test: first ip - fail")
        self.assertTrue(pytrap.UnirecIPAddr("fd71:5693:e769:fc3f:ffff:ffff:ffff:ffff") in first,
                        "ip_match() test: last ip - fail")
        self.assertTrue(pytrap.UnirecIPAddr("fd71:5693:e769:fc3f:1:ffff:a:abab") in first,
                        "ip_match() test: mid ip - fail")
        self.assertFalse(pytrap.UnirecIPAddr("fd71:5693:e769:fc3e:ffff:ffff:ffff:ffff") in first,
                         "ip_match() test: low match - fail")
        self.assertFalse(pytrap.UnirecIPAddr("10:10:10::0") in first,
                         "ip_match() test: low match - fail")
        self.assertFalse(pytrap.UnirecIPAddr("fd71:5693:e769:fc40:0:0:0:0") in first,
                         "ip_match() test: great match - fail")
        self.assertFalse(pytrap.UnirecIPAddr("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff") in first,
                         "ip_match() test: great match - fail")

        self.assertEqual(first.isIn(pytrap.UnirecIPAddr("fd71:5693:e769:fc3f:0:0:0:0")), 0,
                         "ip_match() test: first ip - fail")
        self.assertEqual(first.isIn(pytrap.UnirecIPAddr("fd71:5693:e769:fc3f:ffff:ffff:ffff:ffff")), 0,
                         "ip_match() test: last ip - fail")
        self.assertEqual(first.isIn(pytrap.UnirecIPAddr("fd71:5693:e769:fc3f:1:ffff:a:abab")), 0,
                         "ip_match() test: mid ip - fail")
        self.assertEqual(first.isIn(pytrap.UnirecIPAddr("fd71:5693:e769:fc3e:ffff:ffff:ffff:ffff")), -1,
                         "ip_match() test: low match - fail")
        self.assertEqual(first.isIn(pytrap.UnirecIPAddr("10:10:10::0")), -1,
                         "ip_match() test: low match - fail")
        self.assertEqual(first.isIn(pytrap.UnirecIPAddr("fd71:5693:e769:fc40:0:0:0:0")), 1,
                         "ip_match() test: great match - fail")
        self.assertEqual(first.isIn(pytrap.UnirecIPAddr("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")), 1,
                         "ip_match() test: great match - fail")

        first.add_data(["ccc", "ddd"])
        self.assertEqual(first.get_data(), ['aaa', 'bbb', 'ccc', 'ddd'], "add_data() test: multiple data - fail")
        self.assertEqual(len(first), 4, "add_data() test: multiple data length - fail")

        intex2 = ip_prefix_search.IPPSInterval("fd71:5693:e769:fc3f:0000:0000:0000:0000",
                              "fd71:5693:e769:fc3f:7fff:ffff:ffff:ffff",
                              "bbb")

        result = intex2.isOverlap(first)
        self.assertTrue(result, "Modulo operator - match IPAddr in interval - fail")
        self.assertEqual(len(intex2), 1, "init data test: simple data length - fail")

        intex2 = ip_prefix_search.IPPSInterval("fd71:5693:e769:fc3f:7000:0000:0000:0000", "fd71:5693:e769:fc50:0000:0000:0000:0000")
        result = first.isOverlap(intex2)
        self.assertTrue(result, "isOverlap - match IPAddr in interval - fail")

        intex2 = ip_prefix_search.IPPSInterval("fd71:5693:e769:fc3f:7000:0000:0000:0000", "fd71:5693:e769:fc3f:ffff:ffff:ffff:ffff")
        result = first.isOverlap(intex2)
        self.assertTrue(result, "isOverlap - match IPAddr in interval - fail")

        intex2 = ip_prefix_search.IPPSInterval(pytrap.UnirecIPAddr("fd71:5693:e769:fc40:0000:0000:0000:0000"),
                              "fd71:5693:e769:fc40:7000:0000:0000:0000")
        result = first.isOverlap(intex2)
        self.assertFalse(result, "Modulo operator - no match IPAddr in interval -fail")

        result = first == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = ip_prefix_search.IPPSInterval("fd71:5693:e769:fc3f:0000:0000:0000:0000", "fd71:5693:e769:fc40:7000:0000:0000:0000")
        result = first == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = ip_prefix_search.IPPSInterval("fd71:5693:e769:fc3f:0000:0000:0000:0000/66")
        result = first == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = ip_prefix_search.IPPSInterval("fd71:5693:e769:fc3f:0000:0000:0000:0000/64")
        result = first == intex2
        self.assertTrue(result, "Equal operator - eq - fail")
        self.assertEqual(len(intex2), 0, "init data test: simple data length - fail")
Ejemplo n.º 14
0
def convert_to_idea(rec, opts=None):
    """
    Converts the aggregated ipblacklistfilter event(json) to the IDEA format.
    This module represents only one type of events - Cryptocurrency mining -
    for the sake of simplicity.
    For more universal purpose, use blacklist2idea.py.

    Args:
        rec: the record from ipblacklistfilter and aggregator
        opts: cmd options

    Returns:
        dict: idea
    """
    global GUARDED_PREFIXES

    if not GUARDED_PREFIXES:
        GUARDED_PREFIXES = load_prefixes(opts.prefixes)

    idea = {
        "Category": ["Suspicious.Miner"],
        "Format":
        "IDEA0",
        "ID":
        getRandomId(),
        "CreateTime":
        getIDEAtime(),
        "EventTime":
        getIDEAtime(pytrap.UnirecTime(rec["ts_first"])),
        "DetectTime":
        getIDEAtime(pytrap.UnirecTime(rec["ts_last"])),
        "CeaseTime":
        getIDEAtime(pytrap.UnirecTime(rec["ts_last"])),
        "Description":
        "Possible CryptoCurrency mining identified by connection with a mining pool.",
        "Source": [],
        "Target": [],
        "Node": [{
            "Name": "undefined",
            "SW": ["Nemea", "blacklistfilter"],
            "AggrWin": minutes_to_aggr_win(int(rec["agg_win_minutes"])),
            "Type": ["Flow", "Blacklist"]
        }],
        "Ref": ["http://smashed.fit.vutbr.cz:8080/miningProp/json"]
    }

    if rec["protocol"] in PROTO_CONV:
        proto = PROTO_CONV[rec["protocol"]]
        idea['Source'].append({'Proto': [proto]})
        idea['Target'].append({'Proto': [proto]})

    miners = [pytrap.UnirecIPAddr(t) for t in rec["targets"]]
    pool = pytrap.UnirecIPAddr(rec["source"])
    idea['Source'][0]["Type"] = "Miner"

    for miner in miners:
        setAddr(idea['Source'][0], miner)

    # look up pool IP in guarded prefixes
    if GUARDED_PREFIXES and any([pool in p for p in GUARDED_PREFIXES]):
        # own guarded resource was detected as a pool - add as Source
        idea['Source'].append({"Proto": [proto]})
        setAddr(idea['Source'][1], pool)
        idea['Source'][1]["Type"] = "MiningPool"
        idea[
            'Note'] = 'IP {1} and port(s) {2} is listed as a mining pool server (by sMaSheD list of cryptocurrency mining pools), and IP {0} communicated with this service - possible miner.'.format(
                ", ".join([str(m) for m in miners]), str(pool),
                ", ".join([str(p) for p in rec["source_ports"]]))
        del idea['Target']
    else:
        # pool is just an external IP and our resource is a potential miner
        # - add pool as Target
        setAddr(idea['Target'][0], pool)
        idea['Target'][0]["Type"] = "MiningPool"
        idea[
            'Note'] = 'Detected possible CryptoCurrency mining by IP {0}, because of observed communication with {1}:{2} listed as a mining pool server (by sMaSheD list of cryptocurrency mining pools).'.format(
                ", ".join([str(m) for m in miners]), str(pool),
                ", ".join([str(p) for p in rec["source_ports"]]))

    return idea
    def runTest(self):
        import pytrap
        a = pytrap.UnirecTemplate(
            "uint32 FOO, uint32 BAR, ipaddr IP, string STR, int32* ARR1, ipaddr* IPs, macaddr* MACs, uint64* ARR2, time* TIMEs"
        )
        data = bytearray(
            b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbc\x61\x4e\xff\xff\xff\xff\x31\xd4\x00\x00\x39\x30\x00\x00\x00\x00\x0c\x00\x0c\x00\x28\x00\x34\x00\x12\x00\x46\x00\x50\x00\x96\x00\x18\x00\xae\x00\x50\x00\x48\x65\x6c\x6c\x6f\x20\x57\x6f\x72\x6c\x64\x21\xf7\xff\xff\xff\xf8\xff\xff\xff\xf9\xff\xff\xff\xfa\xff\xff\xff\xfb\xff\xff\xff\xfc\xff\xff\xff\xfd\xff\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11\x11\x11\x11\x11\x22\x22\x22\x22\x22\x22\x0a\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe6\xc0\x33\x5b\x00\x00\x00\x80\xe6\xc0\x33\x5b\x00\x00\x00\x00\xe6\xc0\x33\x5b\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x01\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x02\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbc\x61\x4e\xff\xff\xff\xff'
        )
        a.setData(data)
        self.assertEqual(len(a), 9, "Number of fields differs, 9 expected.")
        self.assertEqual(
            str(a),
            "(ipaddr IP,uint32 BAR,uint32 FOO,string STR,int32* ARR1,macaddr* MACs,uint64* ARR2,time* TIMEs,ipaddr* IPs)"
        )
        d = a.getFieldsDict()
        self.assertEqual(type(d), dict)
        self.assertEqual(
            set(d.keys()),
            set([
                'IP', 'BAR', 'FOO', 'STR', 'ARR1', 'MACs', 'ARR2', 'TIMEs',
                'IPs'
            ]))

        self.assertEqual(a.getFieldType("ARR1"), list)
        self.assertEqual(a.getFieldType("ARR2"), list)
        self.assertEqual(a.getFieldType("IPs"), list)
        self.assertEqual(a.getFieldType("TIMEs"), list)

        self.assertEqual(a.get(data, "FOO"), 12345)
        self.assertEqual(a.get(data, "FOO"), a.getByID(data, 6))
        self.assertEqual(a.get(data, "FOO"), a.FOO)

        self.assertEqual(a.get(data, "BAR"), 54321)
        self.assertEqual(a.get(data, "BAR"), a.getByID(data, 7))
        self.assertEqual(a.get(data, "BAR"), a.BAR)

        self.assertEqual(a.get(data, "IP"), pytrap.UnirecIPAddr("0.188.97.78"))
        self.assertEqual(a.get(data, "IP"), a.getByID(data, 8))
        self.assertEqual(a.get(data, "IP"), a.IP)

        self.assertEqual(a.get(data, "STR"), "Hello World!")
        self.assertEqual(a.get(data, "STR"), a.getByID(data, 9))
        self.assertEqual(a.get(data, "STR"), a.STR)

        self.assertEqual(a.get(data, "ARR1"),
                         [-9, -8, -7, -6, -5, -4, -3, -2, -1, 0])
        self.assertEqual(a.get(data, "ARR1"), a.getByID(data, 10))
        self.assertEqual(a.get(data, "ARR1"), a.ARR1)

        self.assertEqual(a.get(data, "IPs"), [
            pytrap.UnirecIPAddr("10.0.0.1"),
            pytrap.UnirecIPAddr("10.0.0.2"),
            pytrap.UnirecIPAddr("::1"),
            pytrap.UnirecIPAddr("127.0.0.1"),
            pytrap.UnirecIPAddr("0.188.97.78")
        ])
        self.assertEqual(a.get(data, "IPs"), a.getByID(data, 11))
        self.assertEqual(a.get(data, "IPs"), a.IPs)

        self.assertEqual(a.get(data, "MACs"), [
            pytrap.UnirecMACAddr("0:0:0:0:0:0"),
            pytrap.UnirecMACAddr("11:11:11:11:11:11"),
            pytrap.UnirecMACAddr("22:22:22:22:22:22")
        ])
        self.assertEqual(a.get(data, "MACs"), a.getByID(data, 12))
        self.assertEqual(a.get(data, "MACs"), a.MACs)

        self.assertEqual(a.get(data, "ARR2"),
                         [10, 11, 12, 13, 14, 15, 16, 17, 18, 19])
        self.assertEqual(a.get(data, "ARR2"), a.getByID(data, 13))
        self.assertEqual(a.get(data, "ARR2"), a.ARR2)

        self.assertEqual(a.get(data, "TIMEs"), [
            pytrap.UnirecTime("2018-06-27T16:52:54"),
            pytrap.UnirecTime("2018-06-27T16:52:54.500"),
            pytrap.UnirecTime("2018-06-27T16:52:54Z"),
        ])
        self.assertEqual(a.get(data, "TIMEs"), a.getByID(data, 14))
        self.assertEqual(a.get(data, "TIMEs"), a.TIMEs)

        f_str = "Hello Unirec!"
        f_arr1 = [-42, 7, 11, 13, -17, 19]
        f_ips = [
            pytrap.UnirecIPAddr("10.200.4.1"),
            pytrap.UnirecIPAddr("192.168.0.200"),
            pytrap.UnirecIPAddr("2000::1")
        ]
        f_macs = [
            pytrap.UnirecMACAddr("6:5:4:3:2:1"),
            pytrap.UnirecMACAddr("FF:FF:FF:FF:FF:FF"),
            pytrap.UnirecMACAddr("1:1:1:1:1:1"),
            pytrap.UnirecMACAddr("1:2:3:4:5:6")
        ]
        f_arr2 = [123467890, 987654321]
        f_times = [
            pytrap.UnirecTime(1466706915, 999),
            pytrap.UnirecTime(146324234, 999),
            pytrap.UnirecTime(0, 1),
            pytrap.UnirecTime(1466700000, 0)
        ]

        a.set(data, "STR", f_str)
        a.set(data, "ARR1", f_arr1)
        a.set(data, "IPs", f_ips)
        a.MACs = f_macs
        a.ARR2 = f_arr2
        a.set(data, "TIMEs", f_times)

        self.assertEqual(a.get(data, "STR"), f_str)
        self.assertEqual(a.get(data, "ARR1"), f_arr1)
        self.assertEqual(a.get(data, "IPs"), f_ips)
        self.assertEqual(a.get(data, "MACs"), f_macs)
        self.assertEqual(a.get(data, "ARR2"), f_arr2)
        self.assertEqual(a.get(data, "TIMEs"), f_times)

        f_arr2 = []
        a.ARR2 = f_arr2
        self.assertEqual(a.get(data, "ARR2"), f_arr2)

        f_arr1 = -42
        a.ARR1 = f_arr1
        self.assertEqual(a.get(data, "ARR1"), [f_arr1])
    def runTest(self):
        import pytrap

        # 2 arguments or <ip>/<netmask> are required
        with self.assertRaises(TypeError):
            pytrap.UnirecIPAddrRange("1.2.3.4")
        with self.assertRaises(TypeError):
            pytrap.UnirecIPAddrRange(pytrap.UnirecIPAddr("1.2.3.4"))

        # Integer arguments are not supported
        with self.assertRaises(TypeError):
            pytrap.UnirecIPAddrRange(1, 2)

        ip1 = pytrap.UnirecIPAddrRange("192.168.3.1/24")
        self.assertEqual(ip1, ip1)
        self.assertEqual(type(ip1), pytrap.UnirecIPAddrRange,
                         "Bad type of IP address Range object.")
        self.assertEqual(str(ip1), "192.168.3.0 - 192.168.3.255",
                         "IP address is not equal to its str().")
        self.assertEqual(
            repr(ip1),
            "UnirecIPAddrRange(UnirecIPAddr('192.168.3.0'), UnirecIPAddr('192.168.3.255'))",
            "IP address is not equal to its repr().")

        self.assertTrue(ip1.start.isIPv4(), "IPv6 was recognized as IPv4.")
        self.assertFalse(ip1.start.isIPv6(), "IPv6 was not recognized.")
        self.assertEqual(ip1.start.isIPv4(), ip1.end.isIPv4(),
                         "IPv4 was not recognized.")
        self.assertEqual(ip1.start.isIPv6(), ip1.end.isIPv6(),
                         "IPv4 was recognized as IPv6.")

        ip2 = pytrap.UnirecIPAddrRange("192.168.0.1/24")
        ip3 = pytrap.UnirecIPAddrRange("192.168.3.1/24")
        self.assertFalse(ip1 == ip2,
                         "Comparison of different IP addresses failed.")
        self.assertFalse(ip1 <= ip2,
                         "Comparison of the same IP addresses failed.")
        self.assertFalse(ip2 >= ip1,
                         "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 != ip3,
                         "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 < ip3,
                         "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 > ip3,
                         "Comparison of the same IP addresses failed.")

        ip1 = pytrap.UnirecIPAddrRange("192.168.3.1/32")
        self.assertEqual(ip1.start, ip1.end)
        ip1 = pytrap.UnirecIPAddrRange("192.168.3.1", "192.168.3.1")
        self.assertEqual(ip1.start, ip1.end)
        ip1 = pytrap.UnirecIPAddrRange(pytrap.UnirecIPAddr("192.168.4.1"),
                                       pytrap.UnirecIPAddr("192.168.4.1"))
        self.assertEqual(ip1.start, ip1.end)

        ip1 = pytrap.UnirecIPAddrRange("fd7c:e770:9b8a::465/64")
        self.assertEqual(type(ip1), pytrap.UnirecIPAddrRange,
                         "Bad type of IP address object.")
        self.assertEqual(
            str(ip1),
            "fd7c:e770:9b8a:: - fd7c:e770:9b8a:0:ffff:ffff:ffff:ffff",
            "IP address is not equal to its str().")
        self.assertEqual(
            repr(ip1),
            "UnirecIPAddrRange(UnirecIPAddr('fd7c:e770:9b8a::'), UnirecIPAddr('fd7c:e770:9b8a:0:ffff:ffff:ffff:ffff'))",
            "IP address is not equal to its repr().")

        self.assertFalse(ip1.start.isIPv4(), "IPv6 was not recognized.")
        self.assertTrue(ip1.start.isIPv6(), "IPv6 was recognized as IPv4.")
        self.assertEqual(ip1.start.isIPv4(), ip1.end.isIPv4(),
                         "IPv4 was not recognized.")
        self.assertEqual(ip1.start.isIPv6(), ip1.end.isIPv6(),
                         "IPv4 was recognized as IPv6.")

        ip1 = pytrap.UnirecIPAddrRange("fd7c:e770:9b8a::465/128")
        self.assertEqual(ip1.start, ip1.end)
        ip1 = pytrap.UnirecIPAddrRange("fd7c:e770:9b8a::465",
                                       "fd7c:e770:9b8a::465")
        self.assertEqual(ip1.start, ip1.end)
        ip1 = pytrap.UnirecIPAddrRange(
            pytrap.UnirecIPAddr("fd7c:e770:9b8a::465"),
            pytrap.UnirecIPAddr("fd7c:e770:9b8a::465"))
        self.assertEqual(ip1.start, ip1.end)

        intex = pytrap.UnirecIPAddrRange("192.168.1.0", "192.168.1.255")

        self.assertTrue(
            pytrap.UnirecIPAddr("192.168.1.0") in intex,
            "in test: first ip - fail")
        self.assertTrue(
            pytrap.UnirecIPAddr("192.168.1.255") in intex,
            "in test: last ip - fail")
        self.assertTrue(
            pytrap.UnirecIPAddr("192.168.1.125") in intex,
            "in test: mid ip - fail")
        self.assertFalse(
            pytrap.UnirecIPAddr("192.168.0.255") in intex,
            "in test: low match - fail")
        self.assertFalse(
            pytrap.UnirecIPAddr("10.10.10.0") in intex,
            "in test: low match - fail")
        self.assertFalse(
            pytrap.UnirecIPAddr("192.168.2.0") in intex,
            "in test: great match - fail")
        self.assertFalse(
            pytrap.UnirecIPAddr("255.255.255.255") in intex,
            "in test: great match - fail")

        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.1.0")), 0,
                         "in test: first ip - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.1.255")), 0,
                         "in test: last ip - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.1.125")), 0,
                         "in test: mid ip - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.0.255")), -1,
                         "in test: low match - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("10.10.10.0")), -1,
                         "in test: low match - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("192.168.2.0")), 1,
                         "in test: great match - fail")
        self.assertEqual(intex.isIn(pytrap.UnirecIPAddr("255.255.255.255")), 1,
                         "in test: great match - fail")

        intex2 = pytrap.UnirecIPAddrRange("192.168.1.128", "192.168.2.172")
        result = intex.isOverlap(intex2)
        self.assertTrue(result, "isOverlap - match IPAddr in interval - fail")

        intex2 = pytrap.UnirecIPAddrRange("192.168.2.0", "192.168.2.128")
        result = intex.isOverlap(intex2)
        self.assertFalse(result,
                         "isOverlap - no match IPAddr in interval -fail")

        intex2 = pytrap.UnirecIPAddrRange("192.168.2.0", "192.168.2.128")
        result = intex == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = pytrap.UnirecIPAddrRange(pytrap.UnirecIPAddr("192.168.1.0"),
                                          "192.168.2.128")
        result = intex == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = pytrap.UnirecIPAddrRange("192.168.1.128/25")
        result = intex == intex2
        self.assertFalse(result, "Equal operator - not eq - fail")

        intex2 = pytrap.UnirecIPAddrRange("192.168.1.0",
                                          pytrap.UnirecIPAddr("192.168.1.255"))
        result = intex == intex2
        self.assertTrue(result, "Equal operator - eq - fail")

        # test if UnirecIPAddrRange is hashable (can be used in dict as a key)
        rangemap = dict()
        rangemap[ip1] = 1
        rangemap[ip2] = 2
        if ip1 not in rangemap:
            self.fail("ip1 should be already in dict.")
        if ip2 not in rangemap:
            self.fail("ip2 should be already in dict.")
        s = 0
        for key in rangemap:
            s += rangemap[key]
        self.assertEqual(s, 3)
Ejemplo n.º 17
0
    def runTest(self):
        import pytrap
        ip1 = pytrap.UnirecIPAddr("192.168.3.1")
        self.assertEqual(ip1, ip1)
        self.assertEqual(type(ip1), pytrap.UnirecIPAddr,
                         "Bad type of IP address object.")
        self.assertEqual(str(ip1), "192.168.3.1",
                         "IP address is not equal to its str().")
        self.assertEqual(repr(ip1), "UnirecIPAddr('192.168.3.1')",
                         "IP address is not equal to its repr().")

        self.assertTrue(ip1.isIPv4(), "IPv4 was not recognized.")
        self.assertFalse(ip1.isIPv6(), "IPv4 was recognized as IPv6.")

        ip2 = pytrap.UnirecIPAddr("192.168.0.1")
        ip3 = pytrap.UnirecIPAddr("192.168.3.1")
        self.assertFalse(ip1 == ip2,
                         "Comparison of different IP addresses failed.")
        self.assertFalse(ip1 <= ip2,
                         "Comparison of the same IP addresses failed.")
        self.assertFalse(ip2 >= ip1,
                         "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 != ip3,
                         "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 < ip3,
                         "Comparison of the same IP addresses failed.")
        self.assertFalse(ip1 > ip3,
                         "Comparison of the same IP addresses failed.")

        ip1 = pytrap.UnirecIPAddr("fd7c:e770:9b8a::465")
        self.assertEqual(type(ip1), pytrap.UnirecIPAddr,
                         "Bad type of IP address object.")
        self.assertEqual(str(ip1), "fd7c:e770:9b8a::465",
                         "IP address is not equal to its str().")
        self.assertEqual(repr(ip1), "UnirecIPAddr('fd7c:e770:9b8a::465')",
                         "IP address is not equal to its repr().")
        self.assertFalse(ip1.isIPv4(), "IPv6 was not recognized.")
        self.assertTrue(ip1.isIPv6(), "IPv6 was recognized as IPv4.")

        d = dict()
        i1 = pytrap.UnirecIPAddr("0:0:0:1::")
        i2 = pytrap.UnirecIPAddr("::1")
        i3 = pytrap.UnirecIPAddr("8.8.8.8")
        d[i1] = 1
        d[i2] = 2
        d[i3] = 3
        self.assertEqual(d[i3], 3)
        self.assertEqual(d[i1], 1)
        self.assertEqual(d[i2], 2)
        i4 = pytrap.UnirecIPAddr("8.8.4.4")
        try:
            print(d[i4])
            self.fail("IP address shouldn't be in dict")
        except KeyError:
            pass

        try:
            i = pytrap.UnirecIPAddr(0)
            self.fail("Only string is a valid argument of UnirecIPAddr()")
        except TypeError:
            pass
        i = pytrap.UnirecIPAddr("::")
        self.assertTrue(i.isNull())
        self.assertFalse(i)
        i = pytrap.UnirecIPAddr("::1")
        self.assertFalse(i.isNull())
        self.assertTrue(i)
        i = pytrap.UnirecIPAddr("0.0.0.0")
        self.assertTrue(i.isNull())
        self.assertFalse(i)
        i = pytrap.UnirecIPAddr("1.2.3.4")
        self.assertFalse(i.isNull())
        self.assertTrue(i)

        # __contains__
        self.assertFalse(i3 in i4)
        self.assertTrue(i4 in i4)
        self.assertTrue(
            pytrap.UnirecIPAddr("1.2.3.4") in pytrap.UnirecIPAddr("1.2.3.4"))
        ip = pytrap.UnirecIPAddr("1.2.3.4")
        bl1 = pytrap.UnirecIPAddr("1.2.3.4")
        bl2 = pytrap.UnirecIPAddrRange("1.0.0.0/8")
        bl3 = pytrap.UnirecIPAddr("1.2.3.5")
        bl4 = pytrap.UnirecIPAddrRange("2.0.0.0/8")
        # both are True:
        self.assertTrue(ip in bl1)
        self.assertTrue(ip in bl2)
        # both are False
        self.assertFalse(ip in bl3)
        self.assertFalse(ip in bl4)

        try:
            i = 1 in i4
            self.fail("only UnirecIPAddr type supported.")
        except TypeError:
            # expected UnirecIPAddr type
            pass
Ejemplo n.º 18
0
    def runTest(self):
        import pytrap
        import os
        import time

        messages = 10000000

        urtempl = "ipaddr IP,uint16 PORT"

        # Start sender
        c1 = pytrap.TrapCtx()
        c1.init(["-i", "f:/tmp/pytrap_test3"], 0, 1)
        c1.setDataFmt(0, pytrap.FMT_UNIREC, urtempl)
        c1.ifcctl(0, False, pytrap.CTL_TIMEOUT, 500000)
        c1.ifcctl(0, False, pytrap.CTL_AUTOFLUSH, 500000)

        t = pytrap.UnirecTemplate(urtempl)
        t.createMessage()

        t.IP = pytrap.UnirecIPAddr("192.168.0.1")

        for i in range(messages):
            t.PORT = i
            c1.send(t.getData())
        c1.sendFlush()

        # Start Receiver
        c2 = pytrap.TrapCtx()
        c2.init(["-i", "f:/tmp/pytrap_test3"], 1)
        c2.setRequiredFmt(0, pytrap.FMT_UNIREC, urtempl)
        startt = time.process_time()
        data = c2.recvBulk(t, time=15, count=messages)
        elapsed_time = time.process_time() - startt
        print(
            f"recvBulk() Elapsed time for {messages} messages is: {elapsed_time}"
        )

        self.assertEqual(len(data), messages)
        ports = [i["PORT"] for i in data]
        self.assertEqual(ports, [i & 0xFFFF for i in range(messages)])

        # Start Receiver
        c2 = pytrap.TrapCtx()
        c2.init(["-i", "f:/tmp/pytrap_test3"], 1)
        c2.setRequiredFmt(0, pytrap.FMT_UNIREC, urtempl)
        startt = time.process_time()
        data = list()
        while True:
            d = c2.recv()
            if not d:
                break
            t.setData(d)
            data.append(t.getDict())

        elapsed_time = time.process_time() - startt
        print(
            f"recv() Elapsed time for {messages} messages is: {elapsed_time}")

        self.assertEqual(len(data), messages)
        ports = [i["PORT"] for i in data]
        self.assertEqual(ports, [i & 0xFFFF for i in range(messages)])

        c1.finalize()
        c2.finalize()

        os.unlink("/tmp/pytrap_test3")