def flow_handler(self, flow):
    """Add *flow*'s byte count to the local/in/out load counter it belongs to.

    Each endpoint is classified with ``netutils.ip_is_reserved`` on its
    packed address (``pcap.aton``); a reserved address is treated as the
    "local" side.  ``flow.dOctets`` is then added to:

    * ``net_load_loc`` -- both ends reserved,
    * ``net_load_in``  -- only the destination reserved,
    * ``net_load_out`` -- only the source reserved.

    A flow between two non-reserved addresses is not counted (a marker line
    is printed instead).
    """
    src_local = netutils.ip_is_reserved(pcap.aton(flow.srcaddr))
    dst_local = netutils.ip_is_reserved(pcap.aton(flow.dstaddr))
    octets = flow.dOctets

    if src_local:
        counter = "net_load_loc" if dst_local else "net_load_out"
    elif dst_local:
        counter = "net_load_in"
    else:
        print("Raaa")
        return

    self.data[counter] += octets
    def flow_handler(self, flow):
        """Add *flow*'s byte count to the local/in/out load counter it belongs to.

        Each endpoint is classified with ``netutils.ip_is_reserved`` on its
        packed address (``pcap.aton``); a reserved address is treated as the
        "local" side.  ``flow.dOctets`` is then added to:

        * ``net_load_loc`` -- both ends reserved,
        * ``net_load_in``  -- only the destination reserved,
        * ``net_load_out`` -- only the source reserved.

        A flow between two non-reserved addresses is not counted (a marker
        line is printed instead).
        """
        src_local = netutils.ip_is_reserved(pcap.aton(flow.srcaddr))
        dst_local = netutils.ip_is_reserved(pcap.aton(flow.dstaddr))
        octets = flow.dOctets

        if src_local:
            counter = "net_load_loc" if dst_local else "net_load_out"
        elif dst_local:
            counter = "net_load_in"
        else:
            print("Raaa")
            return

        self.data[counter] += octets
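def handle_query(query, ip_dict, port_dict, ip_to_ip_dict, ip_port_dict):
    """Execute one interactive query against the captured traffic tables.

    Supported forms:
        ``list``          -- print every known IP (``list_all``).
        ``friends <ip>``  -- print every address ``<ip>`` has talked to.
        ``live <ip>``     -- print the live TCP sessions of ``<ip>``
                             (``list_live``).

    Args:
        query: raw command line typed by the user.
        ip_dict: maps a packed IP (``pcap.aton`` int) to the packed IPs it
            communicated with.
        port_dict: not used by this function; kept for the call signature.
        ip_to_ip_dict, ip_port_dict: session tables forwarded to ``list_live``.

    Empty input and unknown commands do nothing.  A missing or unparsable
    IP argument prints an error and returns instead of raising.
    """
    arr = query.split()
    if not arr:
        return  # blank line, nothing to do

    if arr[0] == "list":
        list_all(ip_dict)
        print("")
        return

    # IP-specific queries: every remaining command needs an address argument.
    if len(arr) < 2:
        print("Missing IP address for '%s' query" % arr[0])
        return

    try:
        ip = pcap.aton(arr[1])
    except Exception:
        # pcap.aton's failure type is not documented here; catching
        # Exception (not a bare except) still lets KeyboardInterrupt through.
        print("Couldn't parse IP address " + arr[1])
        return

    # Display all IPs that this IP has communicated with
    if arr[0] == "friends":
        # .get(): an address never seen in the capture has no entry, and a
        # read-only query should not insert one.
        for other in ip_dict.get(ip, ()):
            print(pcap.ntoa(other))
        print("")

    # List all live TCP sessions for IP
    if arr[0] == "live":
        list_live(ip, ip_dict, ip_to_ip_dict, ip_port_dict)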
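def handle_query(query, ip_dict, port_dict, ip_to_ip_dict, ip_port_dict):
    """Execute one interactive query against the captured traffic tables.

    Supported forms:
        ``list``          -- print every known IP (``list_all``).
        ``friends <ip>``  -- print every address ``<ip>`` has talked to.
        ``live <ip>``     -- print the live TCP sessions of ``<ip>``
                             (``list_live``).

    Args:
        query: raw command line typed by the user.
        ip_dict: maps a packed IP (``pcap.aton`` int) to the packed IPs it
            communicated with.
        port_dict: not used by this function; kept for the call signature.
        ip_to_ip_dict, ip_port_dict: session tables forwarded to ``list_live``.

    Empty input and unknown commands do nothing.  A missing or unparsable
    IP argument prints an error and returns instead of raising.
    """
    arr = query.split()
    if not arr:
        return  # blank line, nothing to do

    if arr[0] == "list":
        list_all(ip_dict)
        print("")
        return

    # IP-specific queries: every remaining command needs an address argument.
    if len(arr) < 2:
        print("Missing IP address for '%s' query" % arr[0])
        return

    try:
        ip = pcap.aton(arr[1])
    except Exception:
        # pcap.aton's failure type is not documented here; catching
        # Exception (not a bare except) still lets KeyboardInterrupt through.
        print("Couldn't parse IP address " + arr[1])
        return

    # Display all IPs that this IP has communicated with
    if arr[0] == "friends":
        # .get(): an address never seen in the capture has no entry, and a
        # read-only query should not insert one.
        for other in ip_dict.get(ip, ()):
            print(pcap.ntoa(other))
        print("")

    # List all live TCP sessions for IP
    if arr[0] == "live":
        list_live(ip, ip_dict, ip_to_ip_dict, ip_port_dict)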
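def ip_is_reserved(ip, reverse=False):
    """Return True when the IPv4 address *ip* lies in a reserved/special range.

    Args:
        ip: 32-bit address as returned by ``pcap.aton`` -- the ``inet_addr``
            value, i.e. network byte order held in a native integer (the
            same representation ``ip_str_to_bytes`` packs with ``'I'``).
        reverse: when True, ``ip`` is passed through ``ip_reverse`` before
            the lookup.

    Returns:
        True if ``ip`` belongs to one of the ranges listed below, else False.

    The match is done on big-endian (dotted-quad order) integers so that a
    /m prefix is a mask of the m high-order bits.  The previous low-order
    mask ``0xffffffff >> (32 - m)`` was only right for prefixes that are a
    whole number of octets: 100.64/10, 172.16/12 and 198.18/15 matched
    only part of their range and 224/4 (multicast) and 240/4 never
    matched, so such traffic was misclassified by the callers.
    """
    import socket
    import struct

    def to_int(dotted):
        # Dotted quad -> big-endian integer; host-endianness independent.
        return struct.unpack('!I', socket.inet_aton(dotted))[0]

    reserved_ranges = [
        (to_int('0.0.0.0'), 8),  # Current network (only valid as source address)  RFC 5735
        (to_int('10.0.0.0'), 8),  # Private network RFC 1918
        (to_int('100.64.0.0'), 10),  # Shared Address Space    RFC 6598
        (to_int('127.0.0.0'), 8),  # Loopback    RFC 5735
        (to_int('169.254.0.0'), 16),  # Link-local  RFC 3927
        (to_int('172.16.0.0'), 12),  # Private network RFC 1918
        (to_int('192.0.0.0'), 24),  # IETF Protocol Assignments   RFC 5735
        (to_int('192.0.2.0'), 24),  # TEST-NET-1, documentation and examples  RFC 5735
        (to_int('192.88.99.0'), 24),  # IPv6 to IPv4 relay  RFC 3068
        (to_int('192.168.0.0'), 16),  # Private network RFC 1918
        (to_int('198.18.0.0'), 15),  # Network benchmark tests RFC 2544
        (to_int('198.51.100.0'), 24),  # TEST-NET-2, documentation and examples  RFC 5737
        (to_int('203.0.113.0'), 24),  # TEST-NET-3, documentation and examples  RFC 5737
        (to_int('224.0.0.0'), 4),  # IP multicast (former Class D network)   RFC 5771
        (to_int('240.0.0.0'), 4),  # Reserved (former Class E network)   RFC 1700
        (to_int('255.255.255.255'), 32),  # Broadcast
    ]

    if reverse:
        ip = ip_reverse(ip)

    # ``ip`` holds network byte order in a native int; ntohl yields the
    # big-endian value ``to_int`` produces, on little- and big-endian hosts.
    addr = socket.ntohl(ip & 0xffffffff)

    for net, prefix_len in reserved_ranges:
        mask = (0xffffffff << (32 - prefix_len)) & 0xffffffff
        # Parenthesised: in Python ``==`` binds tighter than ``&``.
        if (addr & mask) == (net & mask):
            return True
    return False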
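    def run(self):
        """Collect NetFlow PDUs over UDP and feed them to the loaded modules.

        Returns 0 at once when ``self.lmod`` is empty.  Otherwise the method
        binds a UDP socket on ``config.flow_addr:config.flow_port`` and loops
        until ``self.term`` is set, doing three things:

        * every flow of each received PDU is passed to each module's
          ``flow_handler``;
        * every ``MIN_TIME_MOD_UPDATE`` seconds each module's
          ``trigger_data_update`` result (when not None) is sent over the
          websocket via ``WsData.send``;
        * when the database is enabled in the config and connected, every
          ``MIN_TIME_DB_UPDATE`` seconds each module's ``trigger_db_save``
          is called and the transaction committed.

        The socket is closed on exit, whatever the reason.
        """
        logger = logging.getLogger()
        # no module, no start
        if not self.lmod:
            logger.debug("No Flow module")
            return 0

        logger.info("NetFlow : Listining on %s:%i",
                    self.config.flow_addr, self.config.flow_port)

        lmod = self.lmod
        # Bound methods resolved once, outside the receive loop.
        flow_handlers = [mod.flow_handler for mod in lmod]
        save_handlers = [mod.trigger_db_save for mod in lmod]

        # List loaded module
        for mod in lmod:
            logger.info(
                "NetFlow : Load network module - websocket subprotocol %s", mod)

        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.bind((self.config.flow_addr, self.config.flow_port))
            # The timeout keeps the loop checking ``self.term`` and the
            # update/save timers even when no datagram arrives.
            sock.settimeout(SOCKET_TIMEOUT)

            # Init
            ws_data = WsData()
            last_update_t = time()
            last_save_t = time()

            self.database = self.config.database
            db_on = self.config.database["on"]

            # Mysql database -- the driver object is built even when the
            # database is off; the save branch below only uses it when
            # ``db_on`` holds.
            mydb = self.database["class"](
                host=self.database["conf"]["host"],
                user=self.database["conf"]["user"],
                passwd=self.database["conf"]["passwd"],
                database=self.database["conf"]["database"],
                port=self.database["conf"]["port"])

            if db_on:
                # connection to database
                mydb.connection()

                if mydb.is_connect():
                    for mod in lmod:
                        mod.database_init(mydb)
                    mydb.commit()

            while not self.term:
                try:
                    data, addr = sock.recvfrom(SOCKET_BUFFER)
                except socket.timeout:
                    pass
                else:
                    try:
                        # Explicit loops rather than ``map``: under Python 3
                        # ``map`` is lazy and the handlers would never run.
                        for flow in flowtools.FlowPDU(pcap.aton(addr[0]), data):
                            for handler in flow_handlers:
                                handler(flow)
                    except SystemError:
                        logger.error("SystemError on Flow packet")
                    except Exception:
                        # The datagram comes from an arbitrary UDP peer: a
                        # malformed PDU or a failing module must not take the
                        # whole collector down.
                        logger.exception(
                            "Error while handling Flow packet from %s", addr[0])

                # Modules update call
                if time() - last_update_t > MIN_TIME_MOD_UPDATE:
                    last_update_t = time()
                    for mod in lmod:
                        update = mod.trigger_data_update()
                        if update is not None:
                            ws_data.send(mod.protocol, update)

                # Modules save call
                # NOTE(review): tests ``mydb.connect`` here but ``is_connect()``
                # above -- kept as written; confirm both mean "connected".
                if db_on and mydb.connect is not None:
                    if time() - last_save_t > MIN_TIME_DB_UPDATE:
                        last_save_t = time()
                        for save in save_handlers:
                            save(mydb)
                        mydb.commit()
        finally:
            sock.close()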
        'description': 'Shim6 Protocol'
    },
    141: {
        'callback': None,
        'protocol': 'WESP',
        'description': 'Wrapped Encapsulating Security Payload'
    },
    142: {
        'callback': None,
        'protocol': 'ROHC',
        'description': 'Robust Header Compression'
    }
}

dIPReserved = [
    (pcap.aton('0.0.0.0'),
     8),  # Current network (only valid as source address)  RFC 5735
    (pcap.aton('10.0.0.0'), 8),  # Private network RFC 1918
    (pcap.aton('100.64.0.0'), 10),  # Shared Address Space    RFC 6598
    (pcap.aton('127.0.0.0'), 8),  # Loopback    RFC 5735
    (pcap.aton('169.254.0.0'), 16),  # Link-local  RFC 3927
    (pcap.aton('172.16.0.0'), 12),  # Private network RFC 1918
    (pcap.aton('192.0.0.0'), 24),  # IETF Protocol Assignments   RFC 5735
    (pcap.aton('192.0.2.0'),
     24),  # TEST-NET-1, documentation and examples  RFC 5735
    (pcap.aton('192.88.99.0'), 24),  # IPv6 to IPv4 relay  RFC 3068
    (pcap.aton('192.168.0.0'), 16),  # Private network RFC 1918
    (pcap.aton('198.18.0.0'), 15),  # Network benchmark tests RFC 2544
    (pcap.aton('198.51.100.0'),
     24),  # TEST-NET-2, documentation and examples  RFC 5737
    (pcap.aton('203.0.113.0'),
    131: {'callback': None, 'protocol': 'PIPE', 'description': 'Private IP Encapsulation within IP'},
    132: {'callback': None, 'protocol': 'SCTP', 'description': 'Stream Control Transmission Protocol'},
    133: {'callback': None, 'protocol': 'FC', 'description': 'Fibre Channel'},
    134: {'callback': None, 'protocol': 'RSVP-E2E-IGNORE', 'description': ''},
    135: {'callback': None, 'protocol': 'Mobility Header', 'description': ''},
    136: {'callback': None, 'protocol': 'UDPLite', 'description': ''},
    137: {'callback': None, 'protocol': 'MPLS-in-IP', 'description': ''},
    138: {'callback': None, 'protocol': 'manet', 'description': 'MANET Protocols'},
    139: {'callback': None, 'protocol': 'HIP', 'description': 'Host Identity Protocol'},
    140: {'callback': None, 'protocol': 'Shim6', 'description': 'Shim6 Protocol'},
    141: {'callback': None, 'protocol': 'WESP', 'description': 'Wrapped Encapsulating Security Payload'},
    142: {'callback': None, 'protocol': 'ROHC', 'description': 'Robust Header Compression'}
}

dIPReserved = [
    (pcap.aton('0.0.0.0'), 8),        # Current network (only valid as source address)  RFC 5735
    (pcap.aton('10.0.0.0'), 8),       # Private network RFC 1918
    (pcap.aton('100.64.0.0'), 10),    # Shared Address Space    RFC 6598
    (pcap.aton('127.0.0.0'), 8),      # Loopback    RFC 5735
    (pcap.aton('169.254.0.0'), 16),   # Link-local  RFC 3927
    (pcap.aton('172.16.0.0'), 12),    # Private network RFC 1918
    (pcap.aton('192.0.0.0'), 24),     # IETF Protocol Assignments   RFC 5735
    (pcap.aton('192.0.2.0'), 24),     # TEST-NET-1, documentation and examples  RFC 5735
    (pcap.aton('192.88.99.0'), 24),   # IPv6 to IPv4 relay  RFC 3068
    (pcap.aton('192.168.0.0'), 16),   # Private network RFC 1918
    (pcap.aton('198.18.0.0'), 15),    # Network benchmark tests RFC 2544
    (pcap.aton('198.51.100.0'), 24),  # TEST-NET-2, documentation and examples  RFC 5737
    (pcap.aton('203.0.113.0'), 24),   # TEST-NET-3, documentation and examples  RFC 5737
    (pcap.aton('224.0.0.0'), 4),      # IP multicast (former Class D network)   RFC 5771
    (pcap.aton('240.0.0.0'), 4),      # Reserved (former Class E network)   RFC 1700
    (pcap.aton('255.255.255.255'), 32)  # Broadcast
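def ip_is_reserved(ip, reverse=False):
    """Return True when the IPv4 address *ip* lies in a reserved/special range.

    Args:
        ip: 32-bit address as returned by ``pcap.aton`` -- the ``inet_addr``
            value, i.e. network byte order held in a native integer (the
            same representation ``ip_str_to_bytes`` packs with ``'I'``).
        reverse: when True, ``ip`` is passed through ``ip_reverse`` before
            the lookup.

    Returns:
        True if ``ip`` belongs to one of the ranges listed below, else False.

    The match is done on big-endian (dotted-quad order) integers so that a
    /m prefix is a mask of the m high-order bits.  The previous low-order
    mask ``0xFFFFFFFF >> (32 - m)`` was only right for prefixes that are a
    whole number of octets: 100.64/10, 172.16/12 and 198.18/15 matched
    only part of their range and 224/4 (multicast) and 240/4 never
    matched, so such traffic was misclassified by the callers.
    """
    import socket
    import struct

    def to_int(dotted):
        # Dotted quad -> big-endian integer; host-endianness independent.
        return struct.unpack("!I", socket.inet_aton(dotted))[0]

    reserved_ranges = [
        (to_int("0.0.0.0"), 8),  # Current network (only valid as source address)  RFC 5735
        (to_int("10.0.0.0"), 8),  # Private network RFC 1918
        (to_int("100.64.0.0"), 10),  # Shared Address Space    RFC 6598
        (to_int("127.0.0.0"), 8),  # Loopback    RFC 5735
        (to_int("169.254.0.0"), 16),  # Link-local  RFC 3927
        (to_int("172.16.0.0"), 12),  # Private network RFC 1918
        (to_int("192.0.0.0"), 24),  # IETF Protocol Assignments   RFC 5735
        (to_int("192.0.2.0"), 24),  # TEST-NET-1, documentation and examples  RFC 5735
        (to_int("192.88.99.0"), 24),  # IPv6 to IPv4 relay  RFC 3068
        (to_int("192.168.0.0"), 16),  # Private network RFC 1918
        (to_int("198.18.0.0"), 15),  # Network benchmark tests RFC 2544
        (to_int("198.51.100.0"), 24),  # TEST-NET-2, documentation and examples  RFC 5737
        (to_int("203.0.113.0"), 24),  # TEST-NET-3, documentation and examples  RFC 5737
        (to_int("224.0.0.0"), 4),  # IP multicast (former Class D network)   RFC 5771
        (to_int("240.0.0.0"), 4),  # Reserved (former Class E network)   RFC 1700
        (to_int("255.255.255.255"), 32),  # Broadcast
    ]

    if reverse:
        ip = ip_reverse(ip)

    # ``ip`` holds network byte order in a native int; ntohl yields the
    # big-endian value ``to_int`` produces, on little- and big-endian hosts.
    addr = socket.ntohl(ip & 0xFFFFFFFF)

    for net, prefix_len in reserved_ranges:
        mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
        # Parenthesised: in Python ``==`` binds tighter than ``&``.
        if (addr & mask) == (net & mask):
            return True
    return False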
def ip_str_to_bytes(ip):
    """Pack the dotted-quad string *ip* into a 4-byte ``bytes`` object.

    ``pcap.aton`` yields the address as a native unsigned int; packing it
    with the native ``'I'`` layout reproduces that integer's in-memory
    bytes (presumably network order, as ``inet_addr`` returns -- confirm
    against the pcap binding in use).
    """
    packed_addr = pcap.aton(ip)
    return struct.pack('I', packed_addr)
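    def run(self):
        """Collect NetFlow PDUs over UDP and feed them to the loaded modules.

        Returns 0 at once when ``self.lmod`` is empty.  Otherwise the method
        binds a UDP socket on ``config.flow_addr:config.flow_port`` and loops
        until ``self.term`` is set, doing three things:

        * every flow of each received PDU is passed to each module's
          ``flow_handler``;
        * every ``MIN_TIME_MOD_UPDATE`` seconds each module's
          ``trigger_data_update`` result (when not None) is sent over the
          websocket via ``WsData.send``;
        * when the database is enabled in the config and connected, every
          ``MIN_TIME_DB_UPDATE`` seconds each module's ``trigger_db_save``
          is called and the transaction committed.

        The socket is closed on exit, whatever the reason.
        """
        logger = logging.getLogger()
        # no module, no start
        if not self.lmod:
            logger.debug("No Flow module")
            return 0

        logger.info("NetFlow : Listining on %s:%i",
                    self.config.flow_addr, self.config.flow_port)

        lmod = self.lmod
        # Bound methods resolved once, outside the receive loop.
        flow_handlers = [mod.flow_handler for mod in lmod]
        save_handlers = [mod.trigger_db_save for mod in lmod]

        # List loaded module
        for mod in lmod:
            logger.info(
                "NetFlow : Load network module - websocket subprotocol %s", mod)

        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.bind((self.config.flow_addr, self.config.flow_port))
            # The timeout keeps the loop checking ``self.term`` and the
            # update/save timers even when no datagram arrives.
            sock.settimeout(SOCKET_TIMEOUT)

            # Init
            ws_data = WsData()
            last_update_t = time()
            last_save_t = time()

            self.database = self.config.database
            db_on = self.config.database["on"]

            # Mysql database -- the driver object is built even when the
            # database is off; the save branch below only uses it when
            # ``db_on`` holds.
            mydb = self.database["class"](
                host=self.database["conf"]["host"],
                user=self.database["conf"]["user"],
                passwd=self.database["conf"]["passwd"],
                database=self.database["conf"]["database"],
                port=self.database["conf"]["port"])

            if db_on:
                # connection to database
                mydb.connection()

                if mydb.is_connect():
                    for mod in lmod:
                        mod.database_init(mydb)
                    mydb.commit()

            while not self.term:
                try:
                    data, addr = sock.recvfrom(SOCKET_BUFFER)
                except socket.timeout:
                    pass
                else:
                    try:
                        # Explicit loops rather than ``map``: under Python 3
                        # ``map`` is lazy and the handlers would never run.
                        for flow in flowtools.FlowPDU(pcap.aton(addr[0]), data):
                            for handler in flow_handlers:
                                handler(flow)
                    except SystemError:
                        logger.error("SystemError on Flow packet")
                    except Exception:
                        # The datagram comes from an arbitrary UDP peer: a
                        # malformed PDU or a failing module must not take the
                        # whole collector down.
                        logger.exception(
                            "Error while handling Flow packet from %s", addr[0])

                # Modules update call
                if time() - last_update_t > MIN_TIME_MOD_UPDATE:
                    last_update_t = time()
                    for mod in lmod:
                        update = mod.trigger_data_update()
                        if update is not None:
                            ws_data.send(mod.protocol, update)

                # Modules save call
                # NOTE(review): tests ``mydb.connect`` here but ``is_connect()``
                # above -- kept as written; confirm both mean "connected".
                if db_on and mydb.connect is not None:
                    if time() - last_save_t > MIN_TIME_DB_UPDATE:
                        last_save_t = time()
                        for save in save_handlers:
                            save(mydb)
                        mydb.commit()
        finally:
            sock.close()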