def new_from_layer(cls, mpkt, proto_name):
try:
klass = global_trans[proto_name][0]
return MetaPacket(mpkt.getlayer(klass))
except ValueError:
log.error('Protocol %s not registered. Add it to global_trans')
return None
def __send_thread(self):
try:
packet = self.metapacket.root
if not self.scount:
log.debug("This is an infinite loop")
self.scount = -1
while self.scount:
self.send_sock.send(packet)
if self.scount > 0:
self.scount -= 1
if self.scallback(self.metapacket, self.count - self.scount, \
self.sudata):
log.debug("send callback want to exit")
break
time.sleep(self.inter)
except SystemExit:
pass
except Exception, err:
log.error("Error in _sndrecv_sthread(PID: %d EXC: %s)" % \
(os.getpid(), str(err)))
def _thread_main(self, udata=None):
if self.type == FileOperation.TYPE_LOAD:
ctx = udata
rctx = None
log.debug('Loading file as %s' % str(ctx))
if ctx is backend.SequenceContext:
rctx = backend.SequenceContext(self.file)
elif ctx is backend.SniffContext or \
ctx is backend.StaticContext:
rctx = backend.StaticContext(self.file, self.file,
Prefs()['backend.system.static.audits'].value)
if rctx is not None:
# Let's update our operation directly from load
if rctx.load(operation=self) == True:
# Now let's add a callback to when
gobject.idle_add(self.__on_idle, (ctx, rctx))
else:
log.error('Error while loading context on %s.' % self.file)
self.state = self.NOT_RUNNING
else:
log.debug('Saving %s to %s' % (self.ctx, self.ctx.cap_file))
if self.ctx.save(operation=self) == True:
gobject.idle_add(self.__on_idle, ())
else:
log.error('Error while saving context on %s.' % \
self.ctx.cap_file)
self.state = self.NOT_RUNNING
self.thread = None
def debind_perspective(self, type, callback):
"""
Remove the binding callback for perspective of type 'type'
@param type the perspective type
@param callback the callback to remove
@return True if the callback is removed correctly
"""
try:
self.perspective_binder[type].remove(callback)
for page in ServiceBus().call('pm.sessions', 'get_sessions'):
if not isinstance(page, Session):
continue
for perspective in page.perspectives:
idx = PerspectiveType.types[type(perspective)]
callback(perspective, idx, True, False)
log.debug(
"Binding method %s for perspective of type %s removed" % \
(callback, PerspectiveType.types[type])
)
return True
except:
log.error(
"Failed to remove binding method %s "
"for perspective of type %s" % \
(callback, PerspectiveType.types[type])
)
return False
def unbind_session(self, ptype, persp_klass):
try:
for i in range(len(self.session_binder[ptype])):
(klass, show, resize) = self.session_binder[ptype][i]
if klass is not persp_klass:
continue
del self.session_binder[ptype][i]
klass = SessionType.types[ptype]
for page in ServiceBus().call('pm.sessions', 'get_sessions'):
if isinstance(page, klass):
page.remove_perspective(persp_klass)
log.debug(
"Binding method %s for perspective of type %s removed" % \
(persp_klass, SessionType.types[ptype])
)
return True
except:
log.error(
"Failed to remove binding method %s for session of type %s" % \
(persp_klass, SessionType.type[ptype])
)
return False
def __send_thread(self):
try:
packet = self.metapacket.root
if not self.scount:
log.debug("This is an infinite loop")
self.scount = -1
while self.scount:
self.send_sock.send(packet)
if self.scount > 0:
self.scount -= 1
if self.scallback(self.metapacket, self.count - self.scount, \
self.sudata):
log.debug("send callback want to exit")
break
time.sleep(self.inter)
except SystemExit:
pass
except Exception, err:
log.error("Error in _sndrecv_sthread(PID: %d EXC: %s)" % \
(os.getpid(), str(err)))
def get_field(self, fieldname, default=None):
try:
ret = fieldname.split(".")
layer = self.root.getlayer(global_trans[ret[0]][0])
if not layer:
return default
if len(ret) > 1:
val = getattr(layer, ret[1])
if len(ret) == 3 and val:
val = getattr(val, ret[2])
if isinstance(val, Packet):
return MetaPacket(val)
if val is None:
return default
return val
else:
return str(layer)
except Exception, err:
log.error("Error while getting %s field. Traceback:" % fieldname)
log.error(generate_traceback())
return default
def unbind_session(self, ptype, persp_klass):
try:
for i in range(len(self.session_binder[ptype])):
(klass, show, resize) = self.session_binder[ptype][i]
if klass is not persp_klass:
continue
del self.session_binder[ptype][i]
klass = SessionType.types[ptype]
for page in ServiceBus().call('pm.sessions', 'get_sessions'):
if isinstance(page, klass):
page.remove_perspective(persp_klass)
log.debug(
"Binding method %s for perspective of type %s removed" % \
(persp_klass, SessionType.types[ptype])
)
return True
except:
log.error(
"Failed to remove binding method %s for session of type %s" % \
(persp_klass, SessionType.type[ptype])
)
return False
def __do_trace(self):
try:
dport = self.dport.get_value_as_int()
maxttl = self.maxttl.get_value_as_int()
timeout = self.timeout.get_value_as_int()
target = self.target.get_text()
log.debug("Starting %s (%s, dport=%d, maxttl=%d, timeout=%d)" %
(traceroute, target, dport, maxttl, timeout))
ans, unans = traceroute(target,
dport,
maxttl=maxttl,
timeout=timeout,
verbose=False)
self.session.context.set_trace(ans, unans)
gobject.idle_add(self.session.reload)
except Exception, err:
self.session.context.set_trace(None, err)
gobject.idle_add(self.session.reload)
log.error("Exception in tracert:")
log.error(generate_traceback())
def new_from_layer(cls, mpkt, proto_name):
try:
klass = global_trans[proto_name][0]
return MetaPacket(mpkt.getlayer(klass))
except ValueError:
log.error("Protocol %s not registered. Add it to global_trans")
return None
def new(cls, proto_name):
try:
klass = global_trans[proto_name][0]
return MetaPacket(klass())
except ValueError:
log.error("Protocol %s not registered. Add it to global_trans")
return None
def new_from_str(cls, proto_name, raw):
try:
klass = global_trans[proto_name][0]
return MetaPacket(klass(raw))
except:
log.error("Could not create %s MetaPacket from %s" % (proto_name, repr(raw)))
return None
def get_field(self, fieldname, default=None):
try:
ret = fieldname.split('.')
layer = self.root.getlayer(global_trans[ret[0]][0])
if not layer:
return default
if len(ret) > 1:
val = getattr(layer, ret[1])
if len(ret) == 3 and val:
val = getattr(val, ret[2])
if isinstance(val, Packet):
return MetaPacket(val)
if val is None:
return default
return val
else:
return str(layer)
except Exception, err:
log.error('Error while getting %s field. Traceback:' % fieldname)
log.error(generate_traceback())
return default
def new(cls, proto_name):
try:
klass = global_trans[proto_name][0]
return MetaPacket(klass())
except ValueError:
log.error('Protocol %s not registered. Add it to global_trans')
return None
def debind_perspective(self, type, callback):
"""
Remove the binding callback for perspective of type 'type'
@param type the perspective type
@param callback the callback to remove
@return True if the callback is removed correctly
"""
try:
self.perspective_binder[type].remove(callback)
for page in ServiceBus().call('pm.sessions', 'get_sessions'):
if not isinstance(page, Session):
continue
for perspective in page.perspectives:
idx = PerspectiveType.types[type(perspective)]
callback(perspective, idx, True, False)
log.debug(
"Binding method %s for perspective of type %s removed" % \
(callback, PerspectiveType.types[type])
)
return True
except:
log.error(
"Failed to remove binding method %s "
"for perspective of type %s" % \
(callback, PerspectiveType.types[type])
)
return False
def get_editor(field):
"@return the corresponding editor class for field or None"
if not backend.is_field(field):
log.error('%s is not a valid field' % field)
return None
# MACField
# IPField
# We use a list because order is important here
table = [(backend.PMMACField, MACEditor),
(backend.PMStrField, StrEditor),
(backend.PMIP6Field, IPv6Editor),
(backend.PMIPField, IPv4Editor),
(backend.PMEnumField, EnumEditor),
(backend.PMByteField, IntEditor),
(backend.PMShortField, IntEditor),
(backend.PMLEShortField, IntEditor),
(backend.PMIntField, IntEditor),
(backend.PMSignedIntField, IntEditor),
(backend.PMLEIntField, IntEditor),
(backend.PMLESignedIntField, IntEditor),
(backend.PMLongField, IntEditor),
(backend.PMLELongField, IntEditor),
(backend.PMLenField, IntEditor),
(backend.PMRDLenField, IntEditor),
(backend.PMFieldLenField, IntEditor),
(backend.PMBCDFloatField, IntEditor),
(backend.PMBitField, IntEditor),
]
for it in table:
if it[0] != None and backend.implements(field, it[0]):
return it[1]
def load_sequence(fname):
try:
return SequenceLoader(fname)
except Exception, err:
log.error("Error while loading sequence from %s" % fname)
log.error(generate_traceback())
raise err
def new_from_str(cls, proto_name, raw):
try:
klass = global_trans[proto_name][0]
return MetaPacket(klass(raw))
except:
log.error('Could not create %s MetaPacket from %s' % \
(proto_name, repr(raw)))
return None
def load_sequence(fname):
try:
return SequenceLoader(fname)
except Exception, err:
log.error("Error while loading sequence from %s" % fname)
log.error(generate_traceback())
raise err
def internal(mpkt):
try:
finger.push(mpkt, finger.TTL, mpkt.get_field('ip.ttl'))
finger.push(mpkt, finger.DF, mpkt.get_field('ip.frag', 0) & 0x400)
finger.push(mpkt, finger.LT, mpkt.get_field('ip.ihl', 0) * 4)
tcpraw = mpkt.get_field('tcp')
flags = mpkt.get_field('tcp.flags')
if flags and finger and flags & TH_SYN:
opt_start = 20
opt_end = mpkt.get_field('tcp.dataofs') * 4
finger.push(mpkt, finger.WINDOW, mpkt.get_field('tcp.window', 0))
finger.push(mpkt, finger.TCPFLAG, (flags & TH_ACK) and 1 or 0)
finger.push(mpkt, finger.LT, opt_end)
while opt_start < opt_end:
val = ord(tcpraw[opt_start])
if val == TCPOPT_EOL:
opt_start = opt_end
elif val == TCPOPT_NOP:
finger.push(mpkt, finger.NOP, 1)
opt_start += 1
elif val == TCPOPT_SACKOK:
finger.push(mpkt, finger.SACK, 1)
opt_start += 2
elif val == TCPOPT_MAXSEG:
opt_start += 2
finger.push(mpkt, finger.MSS, pntos(unpack("H",
tcpraw[opt_start:opt_start + 2])[0]))
opt_start += 2
elif val == TCPOPT_WSCALE:
opt_start += 2
finger.push(mpkt, finger.WS, ord(tcpraw[opt_start]))
opt_start += 1
elif val == TCPOPT_TIMESTAMP:
finger.push(mpkt, finger.TIMESTAMP, 1)
opt_start +=1
opt_start += ord(tcpraw[opt_start]) - 1
else:
opt_start += 1
if opt_start < len(tcpraw):# and ord(tcpraw[opt_start]):
opt_start += val - 1
remote_os = finger.report(mpkt)
mpkt.set_cfield('remote_os', remote_os)
manager.user_msg(_('%s is running %s') % (mpkt.get_field('ip.src'),
remote_os),
5, 'fingerprint')
except Exception, err:
log.error('Ignoring exception while setting fingerprint.')
log.error(generate_traceback())
log.debug('Clearing fingerprint.')
finger.clear(mpkt)
def __thread_main(self):
try:
log.debug('Entered in __thread_main')
packets = 0
probes = self.probes
while probes != 0 and self.internal:
pkt = MetaPacket.new('ip') / MetaPacket.new('tcp')
if self.sip is True:
sip = random_ip()
elif self.sip != '0.0.0.0':
sip = self.sip
if self.sport is True:
sport = randint(1, 65535)
else:
sport = self.sport
pkt.set_fields('ip', {
'dst' : self.dip,
'src' : sip})
pkt.set_fields('tcp', {
'sport' : sport,
'dport' : self.dport,
'flags' : TH_SYN,
'seq' : randint(0, 2L**32-1)})
self.context.si_l3(pkt)
sleep(self.delay)
probes -= 1
packets += 1
if self.probes > 0:
self.summary = AUDIT_MSG % _('%d of %d sent' \
% (packets, self.probes))
self.percentage = (packets / float(self.probes)) * 100.0
else:
self.summary = AUDIT_MSG % _('%d sent' % packets)
self.percentage = (self.percentage + 536870911) % \
gobject.G_MAXINT
if self.internal:
self.summary = AUDIT_MSG % _('Finished with %d sent' % packets)
self.internal = False
else:
self.summary = AUDIT_MSG % _('stopped')
self.percentage = 100.0
self.state = self.NOT_RUNNING
except Exception, err:
log.error(generate_traceback())
def __thread_main(self):
try:
log.debug('Entered in __thread_main')
packets = 0
probes = self.probes
while probes != 0 and self.internal:
pkt = MetaPacket.new('ip') / MetaPacket.new('tcp')
if self.sip is True:
sip = random_ip()
elif self.sip != '0.0.0.0':
sip = self.sip
if self.sport is True:
sport = randint(1, 65535)
else:
sport = self.sport
pkt.set_fields('ip', {'dst': self.dip, 'src': sip})
pkt.set_fields(
'tcp', {
'sport': sport,
'dport': self.dport,
'flags': TH_SYN,
'seq': randint(0, 2L**32 - 1)
})
self.context.si_l3(pkt)
sleep(self.delay)
probes -= 1
packets += 1
if self.probes > 0:
self.summary = AUDIT_MSG % _('%d of %d sent' \
% (packets, self.probes))
self.percentage = (packets / float(self.probes)) * 100.0
else:
self.summary = AUDIT_MSG % _('%d sent' % packets)
self.percentage = (self.percentage + 536870911) % \
gobject.G_MAXINT
if self.internal:
self.summary = AUDIT_MSG % _('Finished with %d sent' % packets)
self.internal = False
else:
self.summary = AUDIT_MSG % _('stopped')
self.percentage = 100.0
self.state = self.NOT_RUNNING
except Exception, err:
log.error(generate_traceback())
def save_sequence(fname, sequence, strict=True, report_recv=False, \
report_sent=True, tot_loop_count=None, inter=None):
assert isinstance(sequence, Node)
try:
return SequenceWriter(fname, sequence, strict, report_recv, \
report_sent, tot_loop_count, inter).save_async()
except Exception, err:
log.error("Cannot while saving sequence to %s" % fname)
log.error(generate_traceback())
raise err
def save_sequence(fname, sequence, strict=True, report_recv=False, \
report_sent=True, tot_loop_count=None, inter=None):
assert isinstance(sequence, Node)
try:
return SequenceWriter(fname, sequence, strict, report_recv, \
report_sent, tot_loop_count, inter).save_async()
except Exception, err:
log.error("Cannot while saving sequence to %s" % fname)
log.error(generate_traceback())
raise err
def load_directory(self, modpath):
if not PM_DEVELOPMENT:
log.error("This method should not be called in release.")
return
start_file = 'main'
log.warning("You are loading a plugin without checking for needs, " \
"provides or conflitcts")
log.warning("* You have been warned! *")
log.warning("Assuming `%s' as start file!" % start_file)
# Load the plugin
sys.path.insert(0, os.path.abspath(modpath))
if start_file in sys.modules:
sys.modules.pop(start_file)
try:
__builtin__.__import__ = hook_import
module = hook_import(start_file, level=0)
if hasattr(module, "__plugins__") and \
isinstance(module.__plugins__, list):
lst = module.__plugins__
ret = []
for plug in lst:
try:
if issubclass(plug, PassiveAudit):
is_audit = 1
elif issubclass(plug, ActiveAudit):
is_audit = 2
else:
is_audit = 0
inst = plug()
inst.start(None)
if is_audit:
inst.register_decoders()
inst.register_hooks()
ret.append(inst)
except Exception, err:
log.critical("Error while starting %s:" % (plug))
log.critical(generate_traceback())
log.critical("Ignoring instance.")
if not ret:
log.error("Not startable plugin defined in main file")
else:
def map_thread(self, ans):
try:
log.debug("Plotting async")
global glocator
self.html_map = tracert.create_map(ans, glocator)
log.info("Plotted")
except Exception, err:
log.error("Error while plotting")
log.error(generate_traceback())
self.html_map = "<pre>Error while plotting</pre>"
def map_thread(self, ans):
try:
log.debug("Plotting async")
global glocator
self.html_map = tracert.create_map(ans, glocator)
log.info("Plotted")
except Exception, err:
log.error("Error while plotting")
log.error(generate_traceback())
self.html_map = "<pre>Error while plotting</pre>"
def add_view(self, tab, unused=False):
widget = tab.get_toplevel()
if not tab.tab_position:
# Ok this is the central widget
item = gdl.DockItem('MainTab', 'MainTab', tab.icon_name,
gdl.DOCK_ITEM_BEH_LOCKED | \
#gdl.DOCK_ITEM_BEH_NO_GRIP | \
gdl.DOCK_ITEM_BEH_CANT_CLOSE | \
gdl.DOCK_ITEM_BEH_CANT_ICONIFY)
item.add(widget)
item.show()
self.central = item
self.dock.add_item(item, gdl.DOCK_CENTER)
log.debug('Setting central widget to %s' % self.central)
return
if not self.central:
log.error('Central widget has not be set yet.')
raise Exception('Central widget has not be set yet')
item = gdl.DockItem(
tab.label_text, tab.label_text, tab.icon_name,
gdl.DOCK_ITEM_BEH_NORMAL | gdl.DOCK_ITEM_BEH_CANT_CLOSE)
item.add(widget)
item.show()
ph = None
pos = tab.tab_position
log.debug("Item %s created. Docking to %s" % (item, pos))
if pos is gtk.POS_LEFT:
ph = self.ph_l
pos = gdl.DOCK_LEFT
elif pos is gtk.POS_RIGHT:
ph = self.ph_r
pos = gdl.DOCK_RIGHT
elif pos is gtk.POS_TOP:
ph = self.ph_t
pos = gdl.DOCK_TOP
elif pos is gtk.POS_BOTTOM:
ph = self.ph_b
pos = gdl.DOCK_BOTTOM
ph.add(item)
self.tab_map[tab] = item
def add_view(self, tab, unused=False):
widget = tab.get_toplevel()
if not tab.tab_position:
# Ok this is the central widget
item = gdl.DockItem('MainTab', 'MainTab', tab.icon_name,
gdl.DOCK_ITEM_BEH_LOCKED | \
#gdl.DOCK_ITEM_BEH_NO_GRIP | \
gdl.DOCK_ITEM_BEH_CANT_CLOSE | \
gdl.DOCK_ITEM_BEH_CANT_ICONIFY)
item.add(widget)
item.show()
self.central = item
self.dock.add_item(item, gdl.DOCK_CENTER)
log.debug('Setting central widget to %s' % self.central)
return
if not self.central:
log.error('Central widget has not be set yet.')
raise Exception('Central widget has not be set yet')
item = gdl.DockItem(tab.label_text, tab.label_text, tab.icon_name,
gdl.DOCK_ITEM_BEH_NORMAL |
gdl.DOCK_ITEM_BEH_CANT_CLOSE)
item.add(widget)
item.show()
ph = None
pos = tab.tab_position
log.debug("Item %s created. Docking to %s" % (item, pos))
if pos is gtk.POS_LEFT:
ph = self.ph_l
pos = gdl.DOCK_LEFT
elif pos is gtk.POS_RIGHT:
ph = self.ph_r
pos = gdl.DOCK_RIGHT
elif pos is gtk.POS_TOP:
ph = self.ph_t
pos = gdl.DOCK_TOP
elif pos is gtk.POS_BOTTOM:
ph = self.ph_b
pos = gdl.DOCK_BOTTOM
ph.add(item)
self.tab_map[tab] = item
def check_conflicts(self, pkg):
"""
Check the conflicts between pkg and global list of provides or
loaded plugins.
The return list contains entry like:
(phase-number:int,
(p_name:str, p_op:Operator, p_ver:Version) -> Provider
(c_name:str, c_op:Operator, c_ver:Version) -> Conflicter
)
@param pkg the plugin to check
@return [] if everything is OK or a list of plugins
conflicting with pkg
"""
lst = []
#
# 1) We should check the cache conflicts agains pkg
for provide in pkg.provides:
try:
name, op, ver = Version.extract_version(provide)
if not name in self.who_conflicts:
continue
for c_op, c_ver, c_pkg in self.who_conflicts[name]:
# We could have
# c_op, c_ver >=, 2.0.0
# ver = 3.0.0
# We could have a None if a conflict entry didn't provide
# any version or operator
if c_op.op_str == '.' or c_op(ver, c_ver) is True:
lst.append(
(1,
(name, op, ver), # Provider
(c_pkg, c_op, c_ver) # Conflicter
)
)
except Exception, err:
log.error(err)
log.error("1) Ignoring conflict entry ...")
continue
def set_fields(self, proto, dict):
try:
layer = self.root.getlayer(global_trans[proto][0])
if not layer:
return None
for key, value in dict.items():
if isinstance(value, MetaPacket):
setattr(layer, key, value.root)
else:
setattr(layer, key, value)
except Exception, err:
log.error("Error while setting %s fields to %s. Traceback:" % (dict, proto))
log.error(generate_traceback())
def set_fields(self, proto, dict):
try:
layer = self.root.getlayer(global_trans[proto][0])
if not layer:
return None
for key, value in dict.items():
if isinstance(value, MetaPacket):
setattr(layer, key, value.root)
else:
setattr(layer, key, value)
except Exception, err:
log.error('Error while setting %s fields to %s. Traceback:' % \
(dict, proto))
log.error(generate_traceback())
def check_needs(self, pkg):
"""
Check the needs between pkg and global list of provides.
The return list contains entry like:
(name:str, op:Operator, ver:Version) -> need not found
@param pkg the plugin to check
@return [] if everything is OK or a list of not resolved needs
"""
# We have passed the conflict stage
# so check for needs
lst = []
for need in pkg.needs:
try:
found = False
name, op, ver = Version.extract_version(need)
if not name in self.who_provides:
lst.append((name, op, ver))
continue
for n_op, n_ver, n_pkg in self.who_provides[name]:
# for example we could have
# name, op, ver = dummy, >=, 2.0.0
# n_ver = 2.0.3
# TODO: check me
if op(n_ver, ver) is True or op(n_ver, ver) is None:
found = True
break
# If we are here not applicable deps were found so add
if not found:
lst.append((name, op, ver))
except Exception, err:
log.error(err)
log.error("Ignoring need entry ...")
continue
def _worker(self):
ct = threading.currentThread()
obj = self.queue.get()
while obj is not WorkerStop:
self.working.append(ct)
(callback, errback, func, args, kw) = obj
try:
try:
result = func(*args, **kw)
except Exception, exc:
log.error("Handling exception %s Traceback:" % exc)
log.error(generate_traceback())
if errback is not None:
errback(sys.exc_info()[1])
else:
if callback is not None:
callback(result)
def _worker(self):
ct = threading.currentThread()
obj = self.queue.get()
while obj is not WorkerStop:
self.working.append(ct)
(callback, errback, func, args, kw) = obj
try:
try:
result = func(*args, **kw)
except Exception, exc:
log.error("Handling exception %s Traceback:" % exc)
log.error(generate_traceback())
if errback is not None:
errback(sys.exc_info()[1])
else:
if callback is not None:
callback(result)
def set_field(self, fieldname, value):
if isinstance(value, MetaPacket):
value = value.root
try:
ret = fieldname.split('.')
layer = self.root.getlayer(global_trans[ret[0]][0])
if not layer:
return None
if len(ret) == 2:
setattr(layer, ret[1], value)
elif len(ret) == 3:
val = getattr(layer, ret[1])
if val is not None:
setattr(val, ret[2], value)
else:
raise Exception('Middle value is None')
else:
log.error('Cannot set an entire protocol')
except Exception, err:
log.error('Error while setting %s field to %s. Traceback:' % \
(fieldname, repr(value)))
log.error(generate_traceback())
def set_field(self, fieldname, value):
if isinstance(value, MetaPacket):
value = value.root
try:
ret = fieldname.split(".")
layer = self.root.getlayer(global_trans[ret[0]][0])
if not layer:
return None
if len(ret) == 2:
setattr(layer, ret[1], value)
elif len(ret) == 3:
val = getattr(layer, ret[1])
if val is not None:
setattr(val, ret[2], value)
else:
raise Exception("Middle value is None")
else:
log.error("Cannot set an entire protocol")
except Exception, err:
log.error("Error while setting %s field to %s. Traceback:" % (fieldname, repr(value)))
log.error(generate_traceback())
def find_all_devs(capmethod=0):
"""
@param capmethod 0 for standard method, 1 for virtual interface,
2 for tcpdump/windump, 3 for dumpcap helper.
@return a list containing VirtualIFace objects
"""
if capmethod == 1:
# This is virtual interface so the list will contain a dummy
# VirtualIFace entry
return [
VirtualIFace('dummy', 'Virtual interface for reading file',
'0.0.0.0')
]
if WINDOWS and (capmethod == 2 or capmethod == 3):
# Ok here we have to get the stdout of %helper% -D
if capmethod == 2:
helper = Prefs()['backend.tcpdump'].value
else:
helper = Prefs()['backend.dumpcap'].value
try:
ret = []
helper = subprocess.Popen(helper + " -D", stdout=subprocess.PIPE)
output, _ = helper.communicate()
for line in output.splitlines():
name, desc = line.rsplit("(", 1)
name = name.replace(" ", "")
desc = desc[:-1]
ret.append(VirtualIFace(name, desc, 'N/A'))
return ret
except Exception, err:
log.error("Error in running the helper: %s" % str(err))
return []
def get_fields(self, proto, tup):
try:
layer = self.root.getlayer(global_trans[proto][0])
if not layer:
return (None,) * len(tup)
out = []
for key in tup:
value = getattr(layer, key)
if isinstance(value, Packet):
value = MetaPacket(value)
out.append(value)
return out
except Exception, err:
log.error("Error while getting %s fields from %s. Traceback:" % (tup, proto))
log.error(generate_traceback())
return (None,) * len(tup)
def __do_trace(self):
try:
dport = self.dport.get_value_as_int()
maxttl = self.maxttl.get_value_as_int()
timeout = self.timeout.get_value_as_int()
target = self.target.get_text()
log.debug("Starting %s (%s, dport=%d, maxttl=%d, timeout=%d)" %
(traceroute, target, dport, maxttl, timeout))
ans, unans = traceroute(target, dport, maxttl=maxttl,
timeout=timeout, verbose=False)
self.session.context.set_trace(ans, unans)
gobject.idle_add(self.session.reload)
except Exception, err:
self.session.context.set_trace(None, err)
gobject.idle_add(self.session.reload)
log.error("Exception in tracert:")
log.error(generate_traceback())
def find_all_devs(capmethod=0):
"""
@param capmethod 0 for standard method, 1 for virtual interface,
2 for tcpdump/windump, 3 for dumpcap helper.
@return a list containing VirtualIFace objects
"""
if capmethod == 1:
# This is virtual interface so the list will contain a dummy
# VirtualIFace entry
return [VirtualIFace('dummy',
'Virtual interface for reading file',
'0.0.0.0')]
if WINDOWS and (capmethod == 2 or capmethod == 3):
# Ok here we have to get the stdout of %helper% -D
if capmethod == 2:
helper = Prefs()['backend.tcpdump'].value
else:
helper = Prefs()['backend.dumpcap'].value
try:
ret = []
helper = subprocess.Popen(helper + " -D", stdout=subprocess.PIPE)
output, _ = helper.communicate()
for line in output.splitlines():
name, desc = line.rsplit("(", 1)
name = name.replace(" ", "")
desc = desc[:-1]
ret.append(VirtualIFace(name, desc, 'N/A'))
return ret
except Exception, err:
log.error("Error in running the helper: %s" % str(err))
return []
def get_fields(self, proto, tup):
try:
layer = self.root.getlayer(global_trans[proto][0])
if not layer:
return (None, ) * len(tup)
out = []
for key in tup:
value = getattr(layer, key)
if isinstance(value, Packet):
value = MetaPacket(value)
out.append(value)
return out
except Exception, err:
log.error('Error while getting %s fields from %s. Traceback:' % \
(tup, proto))
log.error(generate_traceback())
return (None, ) * len(tup)
def _thread_main(self, udata=None):
if self.type == FileOperation.TYPE_LOAD:
ctx = udata
rctx = None
log.debug('Loading file as %s' % str(ctx))
if ctx is backend.SequenceContext:
rctx = backend.SequenceContext(self.file)
elif ctx is backend.SniffContext or \
ctx is backend.StaticContext:
rctx = backend.StaticContext(
self.file, self.file,
Prefs()['backend.system.static.audits'].value)
if rctx is not None:
# Let's update our operation directly from load
if rctx.load(operation=self) == True:
# Now let's add a callback to when
gobject.idle_add(self.__on_idle, (ctx, rctx))
else:
log.error('Error while loading context on %s.' % self.file)
self.state = self.NOT_RUNNING
else:
log.debug('Saving %s to %s' % (self.ctx, self.ctx.cap_file))
if self.ctx.save(operation=self) == True:
gobject.idle_add(self.__on_idle, ())
else:
log.error('Error while saving context on %s.' % \
self.ctx.cap_file)
self.state = self.NOT_RUNNING
self.thread = None
def reset_field(self, fieldname):
try:
ret = fieldname.split(".")
layer = self.root.getlayer(global_trans[ret[0]][0])
if not layer:
return None
if len(ret) > 1:
delattr(layer, ret[1])
else:
log.error("Cannot reset an entire protocol")
except Exception, err:
log.error("Error while resetting %s field. Traceback:" % fieldname)
log.error(generate_traceback())
def reset_field(self, fieldname):
try:
ret = fieldname.split('.')
layer = self.root.getlayer(global_trans[ret[0]][0])
if not layer:
return None
if len(ret) > 1:
delattr(layer, ret[1])
else:
log.error('Cannot reset an entire protocol')
except Exception, err:
log.error('Error while resetting %s field. Traceback:' % \
fieldname)
log.error(generate_traceback())
def __recv_thread(self):
ans = 0
nbrecv = 0
notans = self.count
force_exit = False
packet = self.metapacket.root
packet_hash = packet.hashret()
inmask = [self.recv_sock, self.rdpipe]
while self.running:
r = None
try:
if FREEBSD or DARWIN:
inp, out, err = select(inmask, [], [], 0.05)
if len(inp) == 0 or selr.recv_sock in inp:
r = self.recv_sock.nonblock_recv()
elif WINDOWS:
r = self.recv_sock.recv(MTU)
else:
inp, out, err = select(inmask, [], [], None)
if len(inp) == 0:
return
if self.recv_sock in inp:
r = self.recv_sock.recv(MTU)
except Exception:
log.error('Error in recv thread in SendReceiveConsumer: %s' % \
str(err))
force_exit = True
break
if r is None:
continue
if not self.strict or (r.hashret() == packet_hash and \
r.answers(packet)):
ans += 1
if notans:
notans -= 1
if self.rcallback(MetaPacket(r), True, self.rudata):
force_exit = True
break
else:
nbrecv += 1
if self.rcallback(MetaPacket(r), False, self.rudata):
force_exit = True
break
if notans == 0:
break
try:
ac = cPickle.load(self.rdpipe)
except EOFError:
print "Child died unexpectedly. Packets may have not been sent"
else:
if PM_USE_NEW_SCAPY:
conf.netcache.update(ac)
else:
arp_cache.update(ac)
if self.send_thread and self.send_thread.isAlive():
self.send_thread.join()
if not force_exit:
self.rcallback(None, False, self.rudata)
def __recv_helper_thread(self):
try:
for reader in bind_reader(self.process, self.outfile):
if not self.running:
break
if reader:
reader, outfile_size, position = reader
report_idx = 0
reported_packets = 0
ans = 0
nbrecv = 0
notans = self.count
force_exit = False
packet = self.metapacket.root
packet_hash = packet.hashret()
while self.running:
while report_idx < reported_packets:
report_idx = get_n_packets(self.process)
r = reader.read_packet()
try:
# The helper capture packets at L2 so we need to drop the
# first protocol to make the match against the packets.
r = r[1]
except:
continue
if not r:
break
if not self.strict or (r.hashret() == packet_hash and \
r.answers(packet)):
ans += 1
if notans:
notans -= 1
if self.rcallback(MetaPacket(r), True, self.rudata):
force_exit = True
break
else:
nbrecv += 1
if self.rcallback(MetaPacket(r), False, self.rudata):
force_exit = True
break
if notans == 0:
break
try:
ac = cPickle.load(self.rdpipe)
except EOFError:
print "Child died unexpectedly. Packets may have not been sent"
else:
if PM_USE_NEW_SCAPY:
conf.netcache.update(ac)
else:
arp_cache.update(ac)
if self.send_thread and self.send_thread.isAlive():
self.send_thread.join()
if not force_exit:
self.rcallback(None, False, self.rudata)
except Exception, err:
log.error("Error in SendReceiveConsumer: %s" % str(err))
if self.protocol is not None:
self.protocol = self.protocol / self.current_protocol
else:
self.protocol = self.current_protocol
self.current_protocol = protocol
except Exception, err:
log.debug(generate_traceback())
else:
self.in_proto = True
elif self.in_proto and name == 'field':
try:
self.field_id = attrs['id']
except Exception, err:
log.error('Field seems to not have id attribute')
else:
self.in_field = True
def endElement(self, name):
if name == 'PMScapySequence':
self.in_sequence = self.in_packet = \
self.in_proto = self.in_field = False
self.packet_interval = self.packet_filter = self.protocol = \
self.field_id = self.field_value = None
elif name == 'SequencePacket':
self.add_pending()
self.current_node = self.current_node.get_parent() or self.tree
def __recv_helper_thread(self):
try:
for reader in bind_reader(self.process, self.outfile):
if not self.running:
break
if reader:
reader, outfile_size, position = reader
report_idx = 0
reported_packets = 0
ans = 0
nbrecv = 0
notans = self.count
force_exit = False
packet = self.metapacket.root
packet_hash = packet.hashret()
while self.running:
while report_idx < reported_packets:
report_idx = get_n_packets(self.process)
r = reader.read_packet()
try:
# The helper capture packets at L2 so we need to drop the
# first protocol to make the match against the packets.
r = r[1]
except:
continue
if not r:
break
if not self.strict or (r.hashret() == packet_hash and \
r.answers(packet)):
ans += 1
if notans:
notans -= 1
if self.rcallback(MetaPacket(r), True, self.rudata):
force_exit = True
break
else:
nbrecv += 1
if self.rcallback(MetaPacket(r), False, self.rudata):
force_exit = True
break
if notans == 0:
break
try:
ac = cPickle.load(self.rdpipe)
except EOFError:
print "Child died unexpectedly. Packets may have not been sent"
else:
if PM_USE_NEW_SCAPY:
conf.netcache.update(ac)
else:
arp_cache.update(ac)
if self.send_thread and self.send_thread.isAlive():
self.send_thread.join()
if not force_exit:
self.rcallback(None, False, self.rudata)
except Exception, err:
log.error("Error in SendReceiveConsumer: %s" % str(err))
inst.start(None)
if is_audit:
inst.register_decoders()
inst.register_hooks()
ret.append(inst)
except Exception, err:
log.critical("Error while starting %s:" % (plug))
log.critical(generate_traceback())
log.critical("Ignoring instance.")
if not ret:
log.error("Not startable plugin defined in main file")
else:
log.error("No Plugin subclass")
finally:
__builtin__.__import__ = original_import
def __load_hook(self, pkg):
"""
This is the real load procedure of plugin.
We'll use zipmodule to import and a global function expose
to provide a simple method to access files inside the zip file
to plugin.
Raise a PluginException on fail
@return None or raise a PluginException
"""
def proxy(*args, **kwargs):
try:
func(*args, **kwargs)
except Exception, err:
log.error(_('>>> safecall(): Ignoring exception %s -> %s (%s, %s)')\
% (err, func, args, kwargs))
class SnoopTab(UmitView):
icon_name = gtk.STOCK_INFO
tab_position = gtk.POS_LEFT
label_text = _('DNS Cache snoop')
name = 'DNSCacheSnoop'
def create_ui(self):
self.active = False
self.output = []
self.toolbar = gtk.Toolbar()
self.toolbar.set_style(gtk.TOOLBAR_ICONS)
self.toolbar.set_orientation(gtk.ORIENTATION_HORIZONTAL)
for name, stock, cb in (('Copy', gtk.STOCK_COPY, self.__on_copy),
('Open', gtk.STOCK_OPEN, self.__on_open),
('Execute', gtk.STOCK_EXECUTE,
self.__on_execute)):
act = gtk.Action(name, name, '', stock)
act.connect('activate', cb)
self.toolbar.insert(act.create_tool_item(), -1)
self._main_widget.pack_start(self.toolbar, False, False)
self.server = gtk.Entry()
self._main_widget.pack_start(self.server, False, False)
self.store = gtk.ListStore(bool, str, int)
self.tree = gtk.TreeView(self.store)
self.tree.append_column(
gtk.TreeViewColumn('', gtk.CellRendererToggle(), active=0))
rend = gtk.CellRendererText()
rend.connect('edited', self.__edited_cb)
rend.set_property('editable', True)
col = gtk.TreeViewColumn('Host', rend, text=1)
col.set_expand(True)
self.tree.append_column(col)
self.tree.append_column(
gtk.TreeViewColumn('TTL', gtk.CellRendererText(), text=2))
self.tree.set_rules_hint(True)
self.selection = self.tree.get_selection()
self.menu = gtk.Menu()
for name, stock, cb in (('Add', gtk.STOCK_ADD, self.__on_add),
('Remove', gtk.STOCK_REMOVE,
self.__on_remove)):
act = gtk.Action(name, name, '', stock)
act.connect('activate', cb)
self.menu.append(act.create_menu_item())
self.tree.connect('button-press-event', self.__on_button)
sw = gtk.ScrolledWindow()
sw.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
sw.set_shadow_type(gtk.SHADOW_ETCHED_IN)
sw.add(self.tree)
self._main_widget.pack_start(sw)
self._main_widget.show_all()
def __edited_cb(self, rend, path, new_text):
iter = self.store.get_iter_from_string(path)
self.store.set_value(iter, 1, new_text)
def __on_button(self, tree, evt):
if evt.button != 3:
return False
self.menu.show_all()
self.menu.popup(None, None, None, evt.button, evt.time)
return True
def __on_add(self, widget):
model, iter = self.selection.get_selected()
newrow = (False, 'edit me', 0)
if not iter:
self.store.append(newrow)
else:
self.store.insert_after(None, iter, newrow)
def __on_remove(self, widget):
model, iter = self.selection.get_selected()
if iter:
self.store.remove(iter)
def __on_copy(self, act):
out = ''
for row in self.store:
out += "[%s] %s (%d)\n" % (row[0] and '+' or '-', row[1], row[2])
if out:
clip = gtk.clipboard_get()
clip.set_text('Result for %s DNS server\n' %
self.server.get_text() + out)
def __on_execute(self, act):
if self.active:
return
self.active = True
self.thread = None
self.tree.set_sensitive(False)
self.server.set_sensitive(False)
self.toolbar.set_sensitive(False)
server = self.server.get_text()
targets = [row[1] for row in self.store]
self.thread = Thread(target=self.__main_thread,
name='DNSCacheSnoop',
kwargs={
'targets': targets,
'server': server
})
self.thread.setDaemon(True)
self.thread.start()
gobject.timeout_add(1000, self.__check_finished)
def __check_finished(self):
if self.thread is not None:
return True
log.debug(str(self.output))
idx = 0
while idx < len(self.output):
present, ttl = self.output[idx]
iter = self.store.get_iter((idx, ))
if iter:
self.store.set(iter, 0, present, 2, ttl)
idx += 1
self.output = []
self.tree.set_sensitive(True)
self.server.set_sensitive(True)
self.toolbar.set_sensitive(True)
self.active = False
return False
def __on_open(self, act):
dialog = gtk.FileChooserDialog(_('Select a query file'),
PMApp().main_window,
gtk.FILE_CHOOSER_ACTION_OPEN,
(gtk.STOCK_OPEN, gtk.RESPONSE_ACCEPT,
gtk.STOCK_CANCEL, gtk.RESPONSE_REJECT))
if dialog.run() == gtk.RESPONSE_ACCEPT:
fname = dialog.get_filename()
if fname:
fd = open(fname, 'r')
contents = fd.read()
fd.close()
self.store.clear()
for line in contents.splitlines():
line = line.strip()
if line:
self.store.append((False, line, 0))
dialog.hide()
dialog.destroy()
def __main_thread(self, server, targets):
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(5)
if ':' in server:
server, port = server.split(':', 1)
else:
port = 53
try:
port = int(port)
except:
port = 53
sock.connect((server, port))
for target in targets:
dnsqr = MetaPacket.new('dnsqr')
dnsqr.set_field('dnsqr.qname', target)
mpkt = MetaPacket.new('dns')
mpkt.set_fields('dns', {'id': randint(0, 2L**16 - 1), 'qd': dnsqr})
sock.send(mpkt.get_raw())
try:
buff = sock.recv(1024)
mpkt = MetaPacket.new_from_str('dns', buff)
if mpkt.get_field('dns.ancount', 0) == 0:
self.output.append((False, 0))
else:
found = False
qd = mpkt.get_field('dns.an', None)
while qd is not None:
rrname = qd.get_field('dnsrr.rrname', '')
if rrname.startswith(target):
self.output.append((True, \
qd.get_field('dnsrr.ttl', 0)))
log.debug('Reply for %s' % target)
found = True
break
qd = mpkt.get_field('dnsrr.payload', None)
if not found:
self.output.append((False, 0))
log.debug('No reply for %s' % target)
except Exception, exc:
log.debug('Cannot parse DNS reply for %s ' \
'or timeout occurred' % target)
log.error(generate_traceback())
self.output.append((False, 0))
def __recv_thread(self):
ans = 0
nbrecv = 0
notans = self.count
force_exit = False
packet = self.metapacket.root
packet_hash = packet.hashret()
inmask = [self.recv_sock, self.rdpipe]
while self.running:
r = None
try:
if FREEBSD or DARWIN:
inp, out, err = select(inmask, [], [], 0.05)
if len(inp) == 0 or selr.recv_sock in inp:
r = self.recv_sock.nonblock_recv()
elif WINDOWS:
r = self.recv_sock.recv(MTU)
else:
inp, out, err = select(inmask, [], [], None)
if len(inp) == 0:
return
if self.recv_sock in inp:
r = self.recv_sock.recv(MTU)
except Exception:
log.error('Error in recv thread in SendReceiveConsumer: %s' % \
str(err))
force_exit = True
break
if r is None:
continue
if not self.strict or (r.hashret() == packet_hash and \
r.answers(packet)):
ans += 1
if notans:
notans -= 1
if self.rcallback(MetaPacket(r), True, self.rudata):
force_exit = True
break
else:
nbrecv += 1
if self.rcallback(MetaPacket(r), False, self.rudata):
force_exit = True
break
if notans == 0:
break
try:
ac = cPickle.load(self.rdpipe)
except EOFError:
print "Child died unexpectedly. Packets may have not been sent"
else:
if PM_USE_NEW_SCAPY:
conf.netcache.update(ac)
else:
arp_cache.update(ac)
if self.send_thread and self.send_thread.isAlive():
self.send_thread.join()
if not force_exit:
self.rcallback(None, False, self.rudata)
class PluginsTree(object):
"""
Manages and tracks the loads/unloads of plugins objects
"""
def __init__(self):
"""
Create a new PluginsTree
@param parent a PluginEngine instance
"""
# A dict to trace plugin instances
self.instances = {}
self.modules = {}
self.who_conflicts, \
self.who_provides, \
self.who_needs = DepDict(), DepDict(), DepDict()
self.pkg_lst = list()
def dump(self):
log.info(">>> dump(): conflicts/provides/needs: %d / %d / %d" % \
(
len(self.who_conflicts),
len(self.who_provides),
len(self.who_needs)
)
)
def check_conflicts(self, pkg):
"""
Check the conflicts between pkg and global list of provides or
loaded plugins.
The return list contains entry like:
(phase-number:int,
(p_name:str, p_op:Operator, p_ver:Version) -> Provider
(c_name:str, c_op:Operator, c_ver:Version) -> Conflicter
)
@param pkg the plugin to check
@return [] if everything is OK or a list of plugins
conflicting with pkg
"""
lst = []
#
# 1) We should check the cache conflicts agains pkg
for provide in pkg.provides:
try:
name, op, ver = Version.extract_version(provide)
if not name in self.who_conflicts:
continue
for c_op, c_ver, c_pkg in self.who_conflicts[name]:
# We could have
# c_op, c_ver >=, 2.0.0
# ver = 3.0.0
# We could have a None if a conflict entry didn't provide
# any version or operator
if c_op.op_str == '.' or c_op(ver, c_ver) is True:
lst.append(
(1,
(name, op, ver), # Provider
(c_pkg, c_op, c_ver) # Conflicter
)
)
except Exception, err:
log.error(err)
log.error("1) Ignoring conflict entry ...")
continue
#
# 2) We should check the package conflicts against cache provides
for conflict in pkg.conflicts:
try:
name, op, ver = Version.extract_version(conflict)
if not name in self.who_provides:
continue
# Only '=' operator presents:
# providers['woot'] = [('=', '2.0', pkg1), ('=', '2.1', pkg2)]
for p_op, p_ver, p_pkg in self.who_provides[name]:
# for example we could have
# name, op, ver = dummy, >=, 2.0.0
# p_ver = 2.0.3
# strict checking for avoid false results
# if None was returned
if op(p_ver, ver) is True:
# So we have a conflict. Just add to the list
lst.append(
(2,
(p_pkg, p_op, p_ver), # Provider
(name, op, ver) # Conflicter
)
)
except Exception, err:
log.error(err)
log.error("2) Ignoring conflict entry ...")
continue