def on_init(self, obs):
if obs.version == 4:
return str(ipaddress.IPv4Address(obs.ip_dst))
else:
return str(ipaddress.IPv6Address(obs.ip_dst)).replace(':0:', '::')
def get_arguments():
parser = argparse.ArgumentParser()
parser.add_argument('-t',
"--target",
action='append',
dest='targets',
help='-t target IP, CIDR Address, or IP Range')
parser.add_argument(
'-q',
'--query',
action='store',
dest='nmap_query',
default="basic",
help='--query basic, advanced, Full, or <custom nmap flags>')
parser.add_argument('-o',
'--output',
action='store',
dest='output_dir',
help='--output <path to output directory>')
parser.add_argument('-db',
'--database',
action='store',
dest='database',
help='-db "table"')
arguments = parser.parse_args()
arguments.targets_list = list()
if arguments.targets:
for target in arguments.targets:
try:
if "-" in target: # Determine IPs in Range
base_ip = '.'.join(target.split('-')[0].split('.')[0:3])
arguments.start = target.split('-')[0]
arguments.end = base_ip + "." + target.split('-')[1]
if arguments.start and arguments.end:
print(
"\nIP Range Specified\n==========================")
print("Start: \t", arguments.start)
print("End: \t", arguments.end)
print("\n")
for ip in range(
int(ipaddress.IPv4Address(arguments.start)),
int(ipaddress.IPv4Address(arguments.end))):
ip = ipaddress.IPv4Address(int(ip))
arguments.targets_list.append(str(ip))
elif "/" in target: # Determine IPs in CIDR
print("\nIP CIDR Range Specified for ", str(target),
"\n==========================")
for scoped_ip in ipaddress.IPv4Network(
target): # Loop through IP Addresses in Network
arguments.targets_list.append(str(scoped_ip))
print("# of Targets: ", str(len(arguments.targets)))
print("\n\n")
else:
arguments.targets_list.append(target)
except Exception as e:
print(e)
pass
if len(arguments.targets) < 1:
parser.error(
"must specify target, file with targets, start & end, or network to determine IPs to target"
)
arguments.targets = set(arguments.targets)
arguments.targets_list = set(arguments.targets_list)
try:
tempips = [socket.inet_aton(ip) for ip in arguments.targets]
tempips.sort()
arguments.targets = [socket.inet_ntoa(ip) for ip in tempips]
except:
pass
print("\nTargets:\n==========================")
print(arguments.targets)
print("\n\n")
return arguments
def __init__(self, *args, **kwargs):
self.args = args
self.kwargs = kwargs
name = kwargs.pop('name', None)
ipaddr = kwargs.pop('ipaddr', None)
color = kwargs.pop('color', 'black')
username = kwargs.pop('username', 'root')
password = kwargs.pop('password', 'bigfoot1')
port = kwargs.pop('port', '22')
output = kwargs.pop('output', sys.stdout)
reboot = kwargs.pop('reboot', False)
location = kwargs.pop('location', None)
pre_cmd_host = kwargs.pop('pre_cmd_host', None)
cmd = kwargs.pop('cmd', None)
post_cmd_host = kwargs.pop('post_cmd_host', None)
post_cmd = kwargs.pop('post_cmd', None)
cleanup_cmd = kwargs.pop('cleanup_cmd', None)
env = kwargs.pop('env', None)
lan_network = kwargs.pop('lan_network',
ipaddress.IPv4Network(u"192.168.1.0/24"))
lan_gateway = kwargs.pop('lan_gateway',
ipaddress.IPv4Address(u"192.168.1.1"))
self.http_proxy = kwargs.pop('http_proxy', None)
if ipaddr is not None:
pexpect.spawn.__init__(self,
command="ssh",
args=[
'%s@%s' % (username, ipaddr), '-p',
port, '-o', 'StrictHostKeyChecking=no',
'-o', 'UserKnownHostsFile=/dev/null',
'-o', 'ServerAliveInterval=60', '-o',
'ServerAliveCountMax=5'
])
self.ipaddr = ipaddr
else:
if pre_cmd_host is not None:
sys.stdout.write("\tRunning pre_cmd_host.... ")
sys.stdout.flush()
phc = pexpect.spawn(command='bash',
args=['-c', pre_cmd_host],
env=env)
phc.expect(pexpect.EOF, timeout=120)
print("\tpre_cmd_host done")
if cleanup_cmd is not None:
self.cleanup_cmd = cleanup_cmd
atexit.register(self.run_cleanup_cmd)
pexpect.spawn.__init__(self,
command="bash",
args=['-c', cmd],
env=env)
self.ipaddr = None
self.name = name
self.color = color
self.output = output
self.username = username
if username != "root":
self.prompt.append('%s\\@.*:.*$' % username)
self.password = password
self.port = port
self.location = location
self.env = env
self.lan_network = lan_network
self.lan_gateway = lan_gateway
self.tftp_device = self
# we need to pick a non-conflicting private network here
# also we want it to be consistant and not random for a particular
# board
if self.gw is None:
if (lan_gateway - lan_network.num_addresses).is_private:
self.gw = lan_gateway - lan_network.num_addresses
else:
self.gw = lan_gateway + lan_network.num_addresses
self.nw = ipaddress.IPv4Network(str(self.gw).decode('utf-8') +
'/' + str(lan_network.netmask),
strict=False)
# override above values if set in wan options
if 'options' in kwargs:
options = [x.strip() for x in kwargs['options'].split(',')]
for opt in options:
if opt.startswith('wan-static-ip:'):
self.gw = ipaddress.IPv4Address(
opt.replace('wan-static-ip:', ''))
self.static_ip = True
if opt.startswith('wan-static-ipv6:'):
self.gwv6 = ipaddress.IPv6Address(
opt.replace('wan-static-ipv6:', ''))
if opt.startswith('wan-static-route:'):
self.static_route = opt.replace('wan-static-route:',
'').replace('-', ' via ')
# TODO: remove wan-static-route at some point above
if opt.startswith('static-route:'):
self.static_route = opt.replace('static-route:',
'').replace('-', ' via ')
if opt == 'wan-dhcp-client':
self.wan_dhcp = True
if opt == 'wan-no-eth0':
self.wan_no_eth0 = True
if opt == 'wan-no-dhcp-sever':
self.wan_dhcp_server = False
if opt == 'wan-dhcp-client-v6':
self.wan_dhcpv6 = True
try:
i = self.expect([
"yes/no", "assword:", "Last login", username + ".*'s password:"******"Unable to connect to %s." % name)
except pexpect.EOF as e:
if hasattr(self, "before"):
print(self.before)
raise Exception("Unable to connect to %s." % name)
if i == 0:
self.sendline("yes")
i = self.expect(["Last login", "assword:"])
if i == 1 or i == 3:
self.sendline(password)
else:
pass
# if we did initially get a prompt wait for one here
if i < 4:
self.expect(self.prompt)
if ipaddr is None:
self.sendline('hostname')
self.expect('hostname')
self.expect(self.prompt)
ipaddr = self.ipaddr = self.before.strip()
if self.port != 22:
cprint("%s port %s device console = %s" %
(ipaddr, port, colored(color, color)),
None,
attrs=['bold'])
else:
cprint("%s device console = %s" % (ipaddr, colored(color, color)),
None,
attrs=['bold'])
if post_cmd_host is not None:
sys.stdout.write("\tRunning post_cmd_host.... ")
sys.stdout.flush()
phc = pexpect.spawn(command='bash',
args=['-c', post_cmd_host],
env=env)
i = phc.expect([pexpect.EOF, pexpect.TIMEOUT, 'password'])
if i > 0:
print("\tpost_cmd_host did not complete, it likely failed\n")
else:
print("\tpost_cmd_host done")
if post_cmd is not None:
env_prefix = ""
for k, v in env.iteritems():
env_prefix += "export %s=%s; " % (k, v)
self.sendline(env_prefix + post_cmd)
self.expect(self.prompt)
if reboot:
self.reset()
self.logfile_read = output
def route_serializer(batch, paths, next_hops):
"""Agnostic function that returns either an IPv4 or IPv6 serializer
instance.
Not all fields are required to instantiate `SLRoutev4Msg`|
`SLRoutev6Msg` classes. Therefore, conditions are specified to
determine if certain keys exist within the dictionary parameters. If
said keys do exist, then that attribute for the serializer class is
assigned. Otherwise, fields are omitted, but the class is still
instantiated.
Returns: Tuple:
sl_route_ipv4_pb2.SLRoutev4Msg|sl_route_ipv6_pb2.SLRoutev6Msg
Next Prefix based on range value
"""
Message = collections.namedtuple('Message', [
'af',
'serializer',
'route',
])
if batch['af'] == 4:
# IPv4 message types.
ipv4_or_ipv6 = Message(batch['af'], sl_route_ipv4_pb2.SLRoutev4Msg,
sl_route_ipv4_pb2.SLRoutev4)
elif batch['af'] == 6:
# IPv6 message types.
ipv4_or_ipv6 = Message(batch['af'], sl_route_ipv6_pb2.SLRoutev6Msg,
sl_route_ipv6_pb2.SLRoutev6)
# Create either a `SLRoutev4Msg` message or a `SLRoutev6Msg`
# message.
serializer = ipv4_or_ipv6.serializer()
if 'vrf_name' in batch:
serializer.VrfName = batch['vrf_name']
if 'correlator' in batch:
serializer.Correlator = batch['correlator']
if 'routes' in batch:
routes = []
for route in batch['routes']:
# Create either a `SLRoutev4` message or a `SLRoutev6`
# message.
if 'prefix' in route:
if ipv4_or_ipv6.af == 4:
value = int(ipaddress.ip_address(route['prefix']))
elif ipv4_or_ipv6.af == 6:
value = int(ipaddress.ip_address(route['prefix']))
#
local_label = 0
if 'local_label' in route:
local_label = route['local_label']
#
for i in range(route['range']):
r = ipv4_or_ipv6.route()
if 'prefix' in route:
if ipv4_or_ipv6.af == 4:
r.Prefix = value
elif ipv4_or_ipv6.af == 6:
r.Prefix = (ipaddress.IPv6Address(value).packed)
if 'prefix_len' in route:
if ipv4_or_ipv6.af == 4:
r.PrefixLen = (route['prefix_len'])
elif ipv4_or_ipv6.af == 6:
r.PrefixLen = (route['prefix_len'])
if 'admin_dist' in route:
r.RouteCommon.AdminDistance = route['admin_dist']
if 'local_label' in route:
r.RouteCommon.LocalLabel = local_label
local_label = local_label + 1
if 'tag' in route:
r.RouteCommon.Tag = route['tag']
ps = []
for path in paths[route['path']]:
p = sl_route_common_pb2.SLRoutePath()
if ipv4_or_ipv6.af == 4:
if (path['nexthop']
and 'v4_addr' in next_hops[path['nexthop']]):
p.NexthopAddress.V4Address = (int(
ipaddress.ip_address(
next_hops[path['nexthop']]['v4_addr'])))
elif ipv4_or_ipv6.af == 6:
if (path['nexthop']
and 'v6_addr' in next_hops[path['nexthop']]):
p.NexthopAddress.V6Address = (ipaddress.ip_address(
(next_hops[path['nexthop']]['v6_addr'])).packed
)
if 'if_name' in next_hops[path['nexthop']]:
p.NexthopInterface.Name = (
next_hops[path['nexthop']]['if_name'])
if 'load_metric' in path:
p.LoadMetric = path['load_metric']
if 'metric' in path:
p.Metric = path['metric']
if 'vrf_name' in next_hops[path['nexthop']]:
p.VrfName = next_hops[path['nexthop']]['vrf_name']
if 'path_id' in path:
p.PathId = path['path_id']
# Bitmap
bitmap = []
if 'p_bitmap' in path:
for bmap in path['p_bitmap']:
bitmap.append(bmap)
p.ProtectedPathBitmap.extend(bitmap)
# Add labels
labels = []
if 'labels' in path:
for label in path['labels']:
labels.append(label)
p.LabelStack.extend(labels)
# Add remote addresses
remote_addr = []
if ipv4_or_ipv6.af == 4:
if 'v4_remote_addr' in path:
for r_addr in path['v4_remote_addr']:
sl_r_addr = sl_common_types_pb2.SLIpAddress()
sl_r_addr.V4Address = (int(
ipaddress.ip_address(r_addr)))
remote_addr.append(sl_r_addr)
p.RemoteAddress.extend(remote_addr)
elif ipv4_or_ipv6.af == 6:
if 'v6_remote_addr' in path:
for r_addr in path['v6_remote_addr']:
sl_r_addr = sl_common_types_pb2.SLIpAddress()
sl_r_addr.V6Address = (
ipaddress.ip_address(r_addr).packed)
remote_addr.append(sl_r_addr)
p.RemoteAddress.extend(remote_addr)
# Append the `SLRoutePath` object to the `ps` list
# object and extend the `sl_path_list` object of the
# route.
ps.append(p)
r.PathList.extend(ps)
# Append the `SLRoutev4`|`SLRoutev6` object to the `routes`
# list object and extend the `sl_routes` object of the
# serializer.
routes.append(r)
# Increment prefix
value = util.sl_util_inc_prefix(value, route['prefix_len'], 1,
ipv4_or_ipv6.af)
serializer.Routes.extend(routes)
if ipv4_or_ipv6.af == 4:
value_str = str(ipaddress.IPv4Address(value))
else:
value_str = str(ipaddress.IPv6Address(value))
return (serializer, value_str, local_label)
def validate_ipv4_address(value):
try:
ipaddress.IPv4Address(value)
except ValueError:
raise ValidationError(_('Enter a valid IPv4 address.'), code='invalid')
# 重新命名 inMonDF 以符合 sqlite 欄位
inMonDF = inMonDF.rename(
columns={
"Name": "NAME",
"Address": "ADDRESS",
"MAC Address": "MAC",
"MAC Manufacturer": "MANUFACTURER",
"Interface": "INTERFACE"
})
# 將 ADDRESS 欄為空的資料清除掉
inMonDF = inMonDF[inMonDF['ADDRESS'].notnull()]
inMonDF['DATE'] = datetime.datetime.now()
NowTime = datetime.datetime.now()
# 將 ADDRESS 轉換成 Interger
for index, row in inMonDF.iterrows():
inMonDF.at[index, 'ADDRESS'] = int(ipaddress.IPv4Address(row['ADDRESS']))
try:
# 建立 TABLE
c.execute('CREATE TABLE "HistoryARP" ( "Name" TEXT, \
"ADDRESS" INTEGER NOT NULL, \
"MAC" TEXT, \
"MANUFACTURER" TEXT, \
"INTERFACE" TEXT, \
"DATE" TIMESTAMP )')
print(timestamp(), '建立 "HistoryARP" Table')
print(timestamp(), '資料庫更新開始')
UpdateDB()
print(timestamp(), '資料庫更新完畢')
conn.commit()
print(timestamp(), '保存資料庫更新')
conn.close()
def valid_ipv4(ip_str):
try:
ipaddress.IPv4Address(unicode(ip_str))
return True
except:
return False
parser.print_usage()
if args.verbose:
print(f'Ports: {args.ports}')
print(f'Full scan: {args.full}')
print(f'Large scan: {args.large}')
print(f'Quick scan: {args.quit}')
print(f'IP: {args.ip}')
ip = ''
if not args.ip:
nok = True
while nok:
ip = input('Input IP to scan: ')
try:
ipaddress.IPv4Address(ip)
nok = False
except:
print('IP wrong. Try again.')
else:
ip = args.ip
ports = []
if args.quit:
ports = [
20, 21, 22, 23, 25, 37, 42, 49, 53, 80, 110, 123, 137, 138, 139,
143, 443, 587, 993, 995, 1080, 1194, 1433, 2082, 2083, 2086, 2087,
2095, 2096, 2077, 2078, 3306, 5800, 5900, 8080
]
elif args.full:
prefix = ext_addr >> (128 - pos) << (128 - pos)
padded_addr = prefix | (self._padding_int & (2**128 - 1 >> pos))
self._input = padded_addr.to_bytes(16, 'big')
output = self._cipher.encrypt(bytes(self._input))
# 論文だとLSBだけど実装はMSB
flip_array.append(self.MSB(output))
#flip_array.append(self.LSB(output))
result = functools.reduce(lambda x, y: (x << 1) | y, flip_array)
anonymizedIP = addr ^ (result & (2**N - 1 << (N - priv)))
return anonymizedIP
if __name__ == '__main__':
# 192.0.2.1 > 2.90.93.17
# 2001:db8::1 > dd92:2c44:3fc0:ff1e:7ff9:c7f0:8180:7e00
key = range(32)
obj = CryptoPAn(bytes(key))
orig_addr = '192.0.2.1'
ip = ipaddress.ip_address(orig_addr)
aip = obj.anonymize(int(ip), 4, 32)
anonymizedIP = ipaddress.IPv4Address(aip)
print("Orig IP(192.0.2.1,3221225985):", ip)
print("Ano IP(2.90.93.17,39476497):", anonymizedIP)
orig_addr = '2001:db8::1'
ip = ipaddress.ip_address(orig_addr)
aip = obj.anonymize(int(ip), 6, 128)
anonymizedIP = ipaddress.IPv6Address(aip)
print("Orig IP(2001:db8::1,42540766411282592856903984951653826561):", ip)
print("Ano IP(dd92:2c44:3fc0:ff1e:7ff9:c7f0:8180:7e00):", anonymizedIP)
def __contains__(self, ip): return set.__contains__(self, ipaddress.IPv4Address(u'%s' % (ip,)))
.SYNOPSIS
Increment IP Address
.DESCRIPTION
This can be used to get a range of ip address.
.NOTES
File Name : IncrementIp.py
Author : gajendra d ambi
Prerequisite : python 3.5 (tested on windows)
Copyright - none
.LINK
Script posted over:
github.com/gajuambi/python
'''
#get the initial ip address from the user
IPADDRESS = input("Initial Ip Address: ")
#import the ipaddress module and also check whether it is an ipv6 or ipv4
import ipaddress
if ':' in IPADDRESS:
IPADDRESSMOD = ipaddress.IPv6Address(IPADDRESS)
print('this is ipv6 address')
else:
IPADDRESSMOD = ipaddress.IPv4Address(IPADDRESS)
print('this is ipv4')
#get the user input on how many ip address to be generated
IPADDRESSES = input("Number of Ip Addresses to be generated: ")
IPADDRESSES = int(c)
IPADDRESSES = IPADDRESSMOD + IPADDRESSES
while IPADDRESSMOD < IPADDRESSES:
IPADDRESSMOD += 1
print(IPADDRESSMOD)
def add(self, ip): set.add(self, ipaddress.IPv4Address(u'%s' % (ip,)))
def validate_links(topo: dict) -> Tuple[bool, List[str]]:
""" Check if a link configuration is validated
Return (False, error_messages) if it's not"""
valid = True
error_messages = []
for link in topo['links']:
""" Check if the link's target is valid and exists"""
if link.get('target') is None:
valid = False
error_messages.append("Link {0}: target required".format(
link['name']))
else:
targets: list = []
if topo.get('instances'):
targets.extend(topo['instances'])
if topo.get('routers'):
targets.extend(topo['routers'])
target = next(
filter(lambda t: t['gid'] == link['target']['gid'], targets),
None)
if target is None:
valid = False
error_messages.append(
"Link {0}: No such target that has gid {1}".format(
link.get('name'), link['target']['gid']))
""" Check if the link's network is valid and exists"""
if link.get('network') is None:
valid = False
error_messages.append("Link {0}: network required".format(
link.get('name')))
else:
network = next(
filter(lambda n: n['gid'] == link['network']['gid'],
topo['networks']), None)
if network is None:
valid = False
error_messages.append(
"Link {0}: No such network that has gid {1}".format(
link.get('name'), link['network']['gid']))
"""Check if link's ip is in the range of its network cidr"""
try:
ip = ipaddress.IPv4Address(link['ip'])
if link.get('network') is not None:
network = next(
filter(lambda n: n['gid'] == link['network']['gid'],
topo['networks']), None)
if network:
cidr = ipaddress.ip_network(network['cidr'])
if ip not in cidr.hosts():
valid = False
error_messages.append(
"Link {0}: ip address {1} is not in cidr {2}".
format(link.get('name'), link['ip'],
network['cidr']))
except ValueError as err:
valid = False
error_messages.append("Link {0}: {1}".format(
link.get('name'), str(err)))
return valid, error_messages
def to_ipaddress(a):
if a.is_v4():
return ipaddress.IPv4Address(a.bytes()[-4:])
else:
return ipaddress.IPv6Address(a.bytes())
def valid_ipv4(ip):
try:
ipaddress.IPv4Address(ip)
return True
except (AttributeError, ipaddress.AddressValueError):
return False
q.put(worker)
q.join()
q2 = Queue()
for y in range(200):
t2 = threading.Thread(target=threader2)
t2.daemon = True
t2.start()
for worker2 in portopenlist:
item = str(ipaddress.IPv4Address(worker2))
print(item)
q2.put(item)
q2.join()
if unauthjenkins != []:
print("+"*40)
print("If Jenkins is running on Linux, start a local netcat listener (ex: nc -nlvp <port>) and follow the steps here to get command shell access:")
print("https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/")
print('')
print("If Jenkins is running on Windows, run Windows commands by typing the following into the script console:")
print("def sout = new StringBuffer(), serr = new StringBuffer()")
print("def proc = 'cmd.exe /c <command>'.execute()")
print("proc.waitForKill(1000)")
print('println "out> $sout err> $serr"')
def main():
# Get device(s) to connect to
while True:
try:
devs = input(
"Enter a space delimited list of device IPs: ").split()
for i in range(0, len(devs)):
devs[i] = ipaddress.IPv4Address(devs[i])
except:
if input(
"Invalid data entered. Press any key to continue or 'q' to quit. "
) == 'q':
exit()
else:
break
if len(devs) > 0:
# gather username and password
cisco_user = input("Device Username: "******"Device Password: "******"host": str(dev),
"username": cisco_user,
"password": cisco_pass,
"device_type": "cisco_ios",
}
# Attempt connection
try:
net_connect = Netmiko(**conn)
vers = net_connect.send_command('show version')
except:
pass
else:
# Special handling for Nexus
if "Nexus" in vers:
command = 'show int brief | inc down'
# Normal handling for IOS
else:
command = 'show ip int brief | inc down'
# Get list of down ports and configure as client access ports
ports = net_connect.send_command(command).split()
for port in ports:
int_commands = [
f'interface {port}', 'switchport mode access',
'switchport access vlan 2', 'switchport voice vlan 10',
'spanning portfast', 'spanning link point',
'no logging event link', 'no snmp trap link'
]
if port.startswith(
('Eth', 'eth', 'Gig', 'gig', 'Fa', 'fa')):
output = net_connect.send_config_set(int_commands)
print(output)
def ip2int(addr):
return int(ipaddress.IPv4Address(addr))
if __name__ == "__main__":
filterwarnings('ignore', category=MySQLdb.Warning)
try:
_ = pwd.getpwnam("mysql").pw_uid
except KeyError:
print("Could not find the user mysql\nGiving up...")
os.sys.exit(1)
try:
_ = grp.getgrnam("mysql").gr_gid
except KeyError:
print("Could not find the group mysql\nGiving up...")
os.sys.exit(1)
IPV6 = None
try:
ipaddress.IPv4Address(MYIP)
except ipaddress.AddressValueError:
try:
ipaddress.IPv6Address(MYIP)
except ipaddress.AddressValueError:
print("Neither IPv6 nor IPv4 were detected\nGiving up...")
os.sys.exit()
else:
IPV6 = True
ARGS = parse(IPV6)
ARGSDICT = vars(ARGS)
if ARGS.force:
FORCE = True
check_install()
def int2ip(addr):
return str(ipaddress.IPv4Address(addr))
class CougarPark(openwrt_router.OpenWrtRouter):
'''
Intel Cougar Park board
'''
model = ("cougarpark")
wan_iface = "erouter0"
lan_iface = "brlan0"
lan_network = ipaddress.IPv4Network(u"192.168.0.0/24")
lan_gateway = ipaddress.IPv4Address(u"192.168.0.1")
uprompt = ["Shell>"]
delaybetweenchar = 0.2
uboot_ddr_addr = "0x10000000"
uboot_eth = "eth0"
arm = None
def __init__(self, *args, **kwargs):
super(CougarPark, self).__init__(*args, **kwargs)
del kwargs['conn_cmd']
self.arm = pexpect.spawn.__new__(linux.LinuxDevice)
arm_conn = connection_decider.connection(kwargs['connection_type'],
device=self.arm,
conn_cmd=self.conn_list[1],
**kwargs)
arm_conn.connect()
self.consoles.append(self.arm)
self.arm.logfile_read = sys.stdout
self.arm.start = self.start
def kill_console_at_exit(self):
self.kill(signal.SIGKILL)
self.arm.kill(signal.SIGKILL)
def wait_for_boot(self):
'''
Break into Shell.
'''
# Try to break into uboot
self.expect('Remaining timeout:', timeout=30)
self.send(KEY_ESCAPE)
self.expect('startup.nsh', timeout=30)
self.send(KEY_ESCAPE)
self.expect_exact(self.uprompt, timeout=30)
def switch_to_mode(self, index):
self.sendline('exit')
self.expect_exact('Device Manager')
self.send(KEY_DOWN)
self.send(KEY_DOWN)
self.sendline(KEY_DOWN)
self.expect_exact('System Setup')
self.sendline()
self.expect_exact('Puma7 Configuration')
self.sendline(KEY_DOWN)
self.expect_exact('BIOS Network Configuration')
self.send(KEY_DOWN)
self.send(KEY_DOWN)
self.sendline(KEY_DOWN)
self.expect_exact('Disabled')
self.send(KEY_UP)
self.send(KEY_UP)
self.send(KEY_UP)
self.send(KEY_UP)
for i in range(1, index):
self.send(KEY_DOWN)
self.sendline()
self.send(KEY_F4)
self.send(KEY_F4)
self.send('Y')
self.send(KEY_ESCAPE)
self.send(KEY_UP)
self.send(KEY_UP)
self.sendline(KEY_UP)
self.sendline()
self.wait_for_boot()
def setup_uboot_network(self, tftp_server):
from devices import lan
# we override to use LAN because that's the only way it works for this device
lan.start_tftp_server()
self.tftp_server_int = lan.gw
# line sep for UEFI
self.linesep = '\x0D'
self.switch_to_mode(MODE_NSGMII2)
self.sendline('ifconfig -l')
self.expect_exact(self.uprompt)
self.sendline('ifconfig -c %s' % self.uboot_eth)
self.expect_exact(self.uprompt, timeout=30)
self.sendline('ifconfig -s %s static %s 255.255.255.0 %s' %
(self.uboot_eth, tftp_server + 1, tftp_server))
self.expect_exact(self.uprompt, timeout=30)
self.sendline('ifconfig -l')
self.expect_exact(self.uprompt)
self.sendline('ping %s' % tftp_server)
if 0 == self.expect([
'Echo request sequence 1 timeout',
'10 packets transmitted, 10 received, 0% packet loss, time 0ms'
]):
raise Exception("Failing to ping tftp server, aborting")
self.expect_exact(self.uprompt, timeout=30)
def flash_linux(self, KERNEL):
print("\n===== Updating kernel and rootfs =====\n")
from devices import lan
filename = self.prepare_file(KERNEL,
tserver=lan.ipaddr,
tport=lan.port)
self.sendline(
'tftp -p %s -d %s %s' %
(self.uboot_ddr_addr, lan.tftp_server_ip_int(), filename))
self.expect_exact('TFTP general status Success')
if 0 == self.expect_exact(['TFTP TFTP Read File status Time out'] +
self.uprompt,
timeout=60):
raise Exception("TFTP timed out")
self.sendline('update -a A -s %s' % self.uboot_ddr_addr)
if 0 == self.expect_exact([
'UImage has wrong version magic',
'Congrats! Looks like everything went as planned! Your flash has been updated! Have a good day!'
]):
raise Exception("Image looks corrupt")
self.expect_exact(self.uprompt, timeout=30)
def boot_linux(self, rootfs=None, bootargs=None):
common.print_bold("\n===== Booting linux for %s on %s =====" %
(self.model, self.root_type))
self.switch_to_mode(MODE_DISABLED)
self.sendline('npcpu start')
self.sendline('bootkernel -c %kernel_cmd_line%')
self.delaybetweenchar = None
def wait_for_networkxxx(self):
self.sendline('ip link set %s down' % self.wan_iface)
self.expect(self.prompt)
self.sendline('ip link set %s name foobar' % self.wan_iface)
self.expect(self.prompt)
self.sendline('ip link set foobar up')
self.expect(self.prompt)
self.sendline('brctl delif brlan0 nsgmii0')
self.expect(self.prompt)
self.sendline('brctl addbr %s' % self.wan_iface)
self.expect(self.prompt)
self.sendline('brctl addif %s nsgmii0' % self.wan_iface)
self.expect(self.prompt)
self.sendline('brctl addif %s foobar' % self.wan_iface)
self.expect(self.prompt)
self.sendline('dhclient %s' % self.wan_iface)
self.expect(self.prompt)
super(CougarPark, self).wait_for_network()
class OpenWrtRouter(base.BaseDevice):
'''
Args:
model: Examples include "ap148" and "ap135".
conn_cmd: Command to connect to device such as "ssh -p 3003 [email protected]"
power_ip: IP Address of power unit to which this device is connected
power_outlet: Outlet # this device is connected
'''
conn_list = None
consoles = []
prompt = ['root\\@.*:.*#', '/ # ', '@R7500:/# ']
uprompt = ['ath>', '\(IPQ\) #', 'ar7240>', '\(IPQ40xx\)']
uboot_eth = "eth0"
linux_booted = False
saveenv_safe = True
lan_gmac_iface = "eth1"
lan_iface = "br-lan"
wan_iface = "eth0"
tftp_server_int = None
flash_meta_booted = False
uboot_net_delay = 30
routing = True
lan_network = ipaddress.IPv4Network(u"192.168.1.0/24")
lan_gateway = ipaddress.IPv4Address(u"192.168.1.1")
def __init__(self,
model,
conn_cmd,
power_ip,
power_outlet,
output=sys.stdout,
password='******',
web_proxy=None,
tftp_server=None,
tftp_username=None,
tftp_password=None,
tftp_port=None,
connection_type=None,
power_username=None,
power_password=None,
config=None,
**kwargs):
self.config = config
self.consoles.append(self)
if type(conn_cmd) is list:
self.conn_list = conn_cmd
conn_cmd = self.conn_list[0]
if connection_type is None:
print("\nWARNING: Unknown connection type using ser2net\n")
connection_type = "ser2net"
self.connection = connection_decider.connection(connection_type,
device=self,
conn_cmd=conn_cmd,
**kwargs)
self.connection.connect()
self.logfile_read = output
self.power = power.get_power_device(power_ip,
outlet=power_outlet,
username=power_username,
password=power_password)
self.model = model
self.web_proxy = web_proxy
if tftp_server:
try:
self.tftp_server = socket.gethostbyname(tftp_server)
if tftp_username:
self.tftp_username = tftp_username
if tftp_password:
self.tftp_password = tftp_password
if tftp_port:
self.tftp_port = tftp_port
except:
pass
else:
self.tftp_server = None
atexit.register(self.kill_console_at_exit)
def reset(self, break_into_uboot=False):
'''Power-cycle this device.'''
if not break_into_uboot:
self.power.reset()
return
for attempt in range(3):
try:
self.power.reset()
self.expect('U-Boot', timeout=30)
self.expect('Hit any key ')
self.sendline('\n\n\n\n\n\n\n') # try really hard
self.expect(self.uprompt, timeout=4)
# Confirm we are in uboot by typing any command.
# If we weren't in uboot, we wouldn't see the command
# that we type.
self.sendline('echo FOO')
self.expect('echo FOO', timeout=4)
self.expect(self.uprompt, timeout=4)
return
except Exception as e:
print(e)
print("\nWe appeared to have failed to break into U-Boot...")
def get_seconds_uptime(self):
'''Return seconds since last reboot. Stored in /proc/uptime'''
self.sendcontrol('c')
self.expect(self.prompt)
self.sendline('\ncat /proc/uptime')
self.expect('((\d+)\.(\d+)(\s)?)((\d+)\.(\d+))?((\d+)\.(\d+))?\r\n')
seconds_up = float(self.match.group(1))
self.expect(self.prompt)
return seconds_up
def get_memfree(self):
'''Return the kB of free memory.'''
# free pagecache, dentries and inodes for higher accuracy
self.sendline('\nsync; echo 3 > /proc/sys/vm/drop_caches')
self.expect('drop_caches')
self.expect(self.prompt)
self.sendline('cat /proc/meminfo | head -2')
self.expect('MemFree:\s+(\d+) kB')
memFree = self.match.group(1)
self.expect(self.prompt)
return int(memFree)
def get_file(self, fname, lan_ip="192.168.1.1"):
'''
OpenWrt routers have a webserver, so we use that to download
the file via a webproxy (e.g. a device on the board's LAN).
'''
if not self.web_proxy:
raise Exception('No web proxy defined to access board.')
url = 'http://%s/TEMP' % lan_ip
self.sendline("\nchmod a+r %s" % fname)
self.expect('chmod ')
self.expect(self.prompt)
self.sendline("ln -sf %s /www/TEMP" % fname)
self.expect(self.prompt)
proxy = urllib2.ProxyHandler({'http': self.web_proxy + ':8080'})
opener = urllib2.build_opener(proxy)
urllib2.install_opener(opener)
print("\nAttempting download of %s via proxy %s" %
(url, self.web_proxy + ':8080'))
return urllib2.urlopen(url, timeout=30)
def tftp_get_file(self, host, filename, timeout=30):
'''Download file from tftp server.'''
self.sendline("tftp-hpa %s" % host)
self.expect("tftp>")
self.sendline("get %s" % filename)
t = timeout
self.expect("tftp>", timeout=t)
self.sendline("q")
self.expect(self.prompt)
self.sendline("ls `basename %s`" % filename)
new_fname = os.path.basename(filename)
self.expect("%s" % new_fname)
self.expect(self.prompt)
return new_fname
def tftp_get_file_uboot(self, loadaddr, filename, timeout=60):
'''Within u-boot, download file from tftp server.'''
for attempt in range(3):
try:
self.sendline("tftpboot %s %s" % (loadaddr, filename))
self.expect_exact("tftpboot %s %s" % (loadaddr, filename))
i = self.expect(['Bytes transferred = (\d+) (.* hex)'] +
self.uprompt,
timeout=timeout)
if i != 0:
continue
ret = int(self.match.group(1))
self.expect(self.uprompt)
return ret
except:
print("\nTFTP failed, let us try that again")
self.sendcontrol('c')
self.expect(self.uprompt)
raise Exception("TFTP failed, try rebooting the board.")
def prepare_file(self,
fname,
tserver=None,
tusername=None,
tpassword=None,
tport=None):
'''Copy file to tftp server, so that it it available to tftp
to the board itself.'''
if tserver is None:
tserver = self.tftp_server
if tusername is None:
tusername = self.tftp_username
if tpassword is None:
tpassword = self.tftp_password
if tport is None:
tport = self.tftp_port
if fname.startswith("http://") or fname.startswith("https://"):
return common.download_from_web(fname, tserver, tusername,
tpassword, tport)
else:
return common.scp_to_tftp_server(os.path.abspath(fname), tserver,
tusername, tpassword, tport)
def install_package(self, fname):
'''Install OpenWrt package (opkg).'''
target_file = fname.replace('\\', '/').split('/')[-1]
new_fname = self.prepare_file(fname)
local_file = self.tftp_get_file(self.tftp_server,
new_fname,
timeout=60)
# opkg requires a correct file name
self.sendline("mv %s %s" % (local_file, target_file))
self.expect(self.prompt)
self.sendline("opkg install --force-downgrade %s" % target_file)
self.expect(['Installing', 'Upgrading', 'Downgrading'])
self.expect(self.prompt, timeout=60)
self.sendline("rm -f /%s" % target_file)
self.expect(self.prompt)
def randomMAC(self):
mac = [
0x00, 0x16, 0x3e,
random.randint(0x00, 0x7f),
random.randint(0x00, 0xff),
random.randint(0x00, 0xff)
]
return ':'.join(map(lambda x: "%02x" % x, mac))
def check_memory_addresses(self):
'''Check/set memory addresses and size for proper flashing.'''
pass
def flash_uboot(self, uboot):
raise Exception(
'Code not written for flash_uboot for this board type, %s' %
self.model)
def flash_rootfs(self, ROOTFS):
raise Exception(
'Code not written for flash_rootfs for this board type, %s' %
self.model)
def flash_linux(self, KERNEL):
raise Exception(
'Code not written for flash_linux for this board type, %s.' %
self.model)
def flash_meta(self, META_BUILD, wan, lan):
raise Exception(
'Code not written for flash_meta for this board type, %s.' %
self.model)
def prepare_nfsroot(self, NFSROOT):
raise Exception(
'Code not written for prepare_nfsroot for this board type, %s.' %
self.model)
def wait_for_boot(self):
'''
Break into U-Boot. Check memory locations and sizes, and set
variables needed for flashing.
'''
# Try to break into uboot
for attempt in range(4):
try:
self.expect('U-Boot', timeout=30)
i = self.expect(['Hit any key ', 'gpio 17 value 1'] +
self.uprompt)
if i == 1:
print(
"\n\nWARN: possibly need to hold down reset button to break into U-Boot\n\n"
)
self.expect('Hit any key ')
self.sendline('\n\n\n\n\n\n\n') # try really hard
i = self.expect(['httpd'] + self.uprompt, timeout=4)
if i == 0:
self.sendcontrol('c')
self.sendline('echo FOO')
self.expect('echo FOO')
self.expect('FOO')
self.expect(self.uprompt, timeout=4)
break
except:
print('\n\nFailed to break into uboot, try again.')
self.reset()
else:
# Tried too many times without success
print('\nUnable to break into U-Boot, test will likely fail')
self.check_memory_addresses()
# save env first, so CRC is OK for later tests
self.sendline("saveenv")
self.expect([
"Writing to Nand... done", "Protected 1 sectors",
"Saving Environment to NAND...", 'Saving Environment to FAT...'
])
self.expect(self.uprompt)
def kill_console_at_exit(self):
self.kill(signal.SIGKILL)
def wait_for_network(self):
'''Wait until network interfaces have IP Addresses.'''
for interface in [self.wan_iface, self.lan_iface]:
for i in range(5):
try:
if interface is not None:
ipaddr = self.get_interface_ipaddr(interface).strip()
if not ipaddr:
continue
self.sendline("route -n")
self.expect(interface, timeout=2)
self.expect(self.prompt)
except pexpect.TIMEOUT:
print("waiting for wan/lan ipaddr")
else:
break
def network_restart(self):
'''Restart networking.'''
self.sendline('\nifconfig')
self.expect('HWaddr', timeout=10)
self.expect(self.prompt)
self.sendline('/etc/init.d/network restart')
self.expect(self.prompt, timeout=40)
self.sendline('ifconfig')
self.expect(self.prompt)
self.wait_for_network()
def firewall_restart(self):
'''Restart the firewall. Return how long it took.'''
start = datetime.now()
self.sendline('/etc/init.d/firewall restart')
self.expect_exact([
"Loading redirects",
"* Running script '/usr/share/miniupnpd/firewall.include'",
"Running script '/etc/firewall.user'"
])
if 'StreamBoost' in self.before:
print("test_msg: Sleeping for Streamboost")
self.expect(pexpect.TIMEOUT, timeout=45)
else:
self.expect(pexpect.TIMEOUT, timeout=15)
self.expect(self.prompt, timeout=80)
return int((datetime.now() - start).seconds)
def get_wan_iface(self):
'''Return name of WAN interface.'''
self.sendline('\nuci show network.wan.ifname')
self.expect("wan.ifname='?([a-zA-Z0-9\.-]*)'?\r\n", timeout=5)
return self.match.group(1)
def get_wan_proto(self):
'''Return protocol of WAN interface, e.g. dhcp.'''
self.sendline('\nuci show network.wan.proto')
self.expect("wan.proto='?([a-zA-Z0-9\.-]*)'?\r\n", timeout=5)
return self.match.group(1)
def setup_uboot_network(self, tftp_server=None):
if self.tftp_server_int is None:
if tftp_server is None:
raise Exception("Error in TFTP server configuration")
self.tftp_server_int = tftp_server
'''Within U-boot, request IP Address,
set server IP, and other networking tasks.'''
# Use standard eth1 address of wan-side computer
self.sendline('setenv autoload no')
self.expect(self.uprompt)
self.sendline('setenv ethact %s' % self.uboot_eth)
self.expect(self.uprompt)
self.expect(
pexpect.TIMEOUT,
timeout=self.uboot_net_delay) # running dhcp too soon causes hang
self.sendline('dhcp')
i = self.expect(['Unknown command', 'DHCP client bound to address'],
timeout=60)
self.expect(self.uprompt)
if i == 0:
self.sendline('setenv ipaddr 192.168.0.2')
self.expect(self.uprompt)
self.sendline('setenv serverip %s' % self.tftp_server_int)
self.expect(self.uprompt)
if self.tftp_server_int:
#interfaces=['eth1','eth0']
passed = False
for attempt in range(5):
try:
self.sendcontrol('c')
self.expect('<INTERRUPT>')
self.expect(self.uprompt)
self.sendline("ping $serverip")
self.expect("host %s is alive" % self.tftp_server_int)
self.expect(self.uprompt)
passed = True
break
except:
print("ping failed, trying again")
# Try other interface
self.sendcontrol('c')
self.expect('<INTERRUPT>')
self.expect(self.uprompt)
#self.sendline('setenv ethact %s' % (interfaces[attempt%2]))
#self.expect(self.uprompt)
self.sendline('dhcp')
self.expect('DHCP client bound to address', timeout=60)
self.expect(self.uprompt)
self.expect(pexpect.TIMEOUT, timeout=1)
assert passed
self.sendline('setenv dumpdir crashdump')
if self.saveenv_safe:
self.expect(self.uprompt)
self.sendline('saveenv')
self.expect(self.uprompt)
def boot_linux(self, rootfs=None, bootargs=""):
print("\nWARNING: We don't know how to boot this board to linux "
"please write the code to do so.")
def wait_for_linux(self):
'''Verify Linux starts up.'''
i = self.expect([
'Reset Button Push down', 'Linux version', 'Booting Linux',
'Starting kernel ...', 'Kernel command line specified:'
],
timeout=45)
if i == 0:
self.expect('httpd')
self.sendcontrol('c')
self.expect(self.uprompt)
self.sendline('boot')
i = self.expect([
'U-Boot', 'login:'******'Please press Enter to activate this console'
] + self.prompt,
timeout=150)
if i == 0:
raise Exception('U-Boot came back when booting kernel')
elif i == 1:
self.sendline('root')
if 0 == self.expect(['assword:'] + self.prompt):
self.sendline('password')
self.expect(self.prompt)
# Give things time to start or crash on their own.
# Some things, like wifi, take a while.
self.expect(pexpect.TIMEOUT, timeout=40)
self.sendline('\r')
self.expect(self.prompt)
self.sendline('uname -a')
self.expect('Linux ')
self.expect(self.prompt)
def config_wan_proto(self, proto):
'''Set protocol for WAN interface.'''
if "dhcp" in proto:
if self.get_wan_proto() != "dhcp":
self.sendline("uci set network.wan.proto=dhcp")
self.sendline("uci commit")
self.expect(self.prompt)
self.network_restart()
self.expect(pexpect.TIMEOUT, timeout=10)
if "pppoe" in proto:
self.wan_iface = "pppoe-wan"
if self.get_wan_proto() != "pppoe":
self.sendline("uci set network.wan.proto=pppoe")
self.sendline("uci commit")
self.expect(self.prompt)
self.network_restart()
self.expect(pexpect.TIMEOUT, timeout=10)
def uci_allow_wan_http(self, lan_ip="192.168.1.1"):
'''Allow access to webgui from devices on WAN interface.'''
self.uci_forward_traffic_redirect("tcp", "80", lan_ip)
def uci_allow_wan_ssh(self, lan_ip="192.168.1.1"):
self.uci_forward_traffic_redirect("tcp", "22", lan_ip)
def uci_forward_traffic_redirect(self, tcp_udp, port_wan, ip_lan):
self.sendline('uci add firewall redirect')
self.sendline('uci set firewall.@redirect[-1].src=wan')
self.sendline('uci set firewall.@redirect[-1].src_dport=%s' % port_wan)
self.sendline('uci set firewall.@redirect[-1].proto=%s' % tcp_udp)
self.sendline('uci set firewall.@redirect[-1].dest_ip=%s' % ip_lan)
self.sendline('uci commit firewall')
self.firewall_restart()
def uci_forward_traffic_rule(self, tcp_udp, port, ip, target="ACCEPT"):
self.sendline('uci add firewall rule')
self.sendline('uci set firewall.@rule[-1].src=wan')
self.sendline('uci set firewall.@rule[-1].proto=%s' % tcp_udp)
self.sendline('uci set firewall.@rule[-1].dest=lan')
self.sendline('uci set firewall.@rule[-1].dest_ip=%s' % ip)
self.sendline('uci set firewall.@rule[-1].dest_port=%s' % port)
self.sendline('uci set firewall.@rule[-1].target=%s' % target)
self.sendline('uci commit firewall')
self.firewall_restart()
def wait_for_mounts(self):
# wait for overlay to finish mounting
for i in range(5):
try:
board.sendline('mount')
board.expect_exact('overlayfs:/overlay on / type overlay',
timeout=15)
board.expect(prompt)
break
except:
pass
else:
print("WARN: Overlay still not mounted")
def parse_ipv4(line):
ipv4_str, rest = line.lstrip().split(' ', 1)
ipaddress.IPv4Address(ipv4_str) # validate ipv4 (raises ValueError)
return ipv4_str, rest
def _add_subscriber_flow(self, imsi: str, ue_mac: str, has_quota: bool):
"""
Redirect the UE flow to the dedicated flask server.
On return traffic rewrite the IP/port so the redirection is seamless.
Match incoming user traffic:
1. Rewrite ip src to be in same subnet as check quota server
2. Rewrite ip dst to check quota server
3. Rewrite eth dst to check quota server
4. Rewrite tcp dst port to either quota/non quota
5. LEARN action
This will rewrite the ip src and dst and tcp port for traffic
coming back to the UE
6. ARP controller arp clamp
Sets the ARP clamping(for ARPs from the check quota server)
for the fake IP we used to reach the check quota server
"""
parser = self._datapath.ofproto_parser
fake_ip = self._next_fake_ip()
if has_quota:
tcp_dst = self.config.has_quota_port
else:
tcp_dst = self.config.no_quota_port
match = MagmaMatch(imsi=encode_imsi(imsi),
eth_type=ether_types.ETH_TYPE_IP,
ip_proto=IPPROTO_TCP,
direction=Direction.OUT,
vlan_vid=(0x1000, 0x1000),
ipv4_dst=self.config.quota_check_ip)
actions = [
parser.NXActionLearn(
table_id=self.ip_rewrite_scratch,
priority=flows.UE_FLOW_PRIORITY,
specs=[
parser.NXFlowSpecMatch(src=ether_types.ETH_TYPE_IP,
dst=('eth_type_nxm', 0),
n_bits=16),
parser.NXFlowSpecMatch(src=IPPROTO_TCP,
dst=('ip_proto_nxm', 0),
n_bits=8),
parser.NXFlowSpecMatch(src=Direction.IN,
dst=(DIRECTION_REG, 0),
n_bits=32),
parser.NXFlowSpecMatch(src=int(
ipaddress.IPv4Address(self.config.bridge_ip)),
dst=('ipv4_src_nxm', 0),
n_bits=32),
parser.NXFlowSpecMatch(src=int(fake_ip),
dst=('ipv4_dst_nxm', 0),
n_bits=32),
parser.NXFlowSpecMatch(src=('tcp_src_nxm', 0),
dst=('tcp_dst_nxm', 0),
n_bits=16),
parser.NXFlowSpecMatch(src=tcp_dst,
dst=('tcp_src_nxm', 0),
n_bits=16),
parser.NXFlowSpecMatch(src=encode_imsi(imsi),
dst=(IMSI_REG, 0),
n_bits=64),
parser.NXFlowSpecLoad(src=('ipv4_src_nxm', 0),
dst=('ipv4_dst_nxm', 0),
n_bits=32),
parser.NXFlowSpecLoad(src=int(
ipaddress.IPv4Address(self.config.quota_check_ip)),
dst=('ipv4_src_nxm', 0),
n_bits=32),
parser.NXFlowSpecLoad(src=80,
dst=('tcp_src_nxm', 0),
n_bits=16),
]),
parser.OFPActionSetField(ipv4_src=str(fake_ip)),
parser.OFPActionSetField(ipv4_dst=self.config.bridge_ip),
parser.OFPActionSetField(eth_dst=self.config.cwf_bridge_mac),
parser.OFPActionSetField(tcp_dst=tcp_dst),
parser.OFPActionPopVlan()
]
flows.add_output_flow(self._datapath,
self.tbl_num,
match,
actions,
priority=flows.UE_FLOW_PRIORITY,
output_port=OFPP_LOCAL)
# For traffic from the check quota server rewrite src ip and port
match = MagmaMatch(imsi=encode_imsi(imsi),
eth_type=ether_types.ETH_TYPE_IP,
ip_proto=IPPROTO_TCP,
direction=Direction.IN,
ipv4_src=self.config.bridge_ip)
actions = [
parser.NXActionResubmitTable(table_id=self.ip_rewrite_scratch)
]
flows.add_resubmit_next_service_flow(self._datapath,
self.tbl_num,
match,
actions,
priority=flows.DEFAULT_PRIORITY,
resubmit_table=self.egress_table)
self.logger.info(
"Setting up fake arp for for subscriber %s(%s),"
"with fake ip %s", imsi, ue_mac, fake_ip)
if self.arp_contoller or self.arpd_controller_fut.done():
if not self.arp_contoller:
self.arp_contoller = self.arpd_controller_fut.result()
self.arp_contoller.set_incoming_arp_flows(self._datapath, fake_ip,
ue_mac)
def _socks5_establish_connection(self, socket_):
"""
:type socket_: socket
"""
# check SOCKS5 version
data = socket_.recv(1)
if data != b'\x05':
raise SOCKSError("WrongSOCKSVersion")
# get number of authentication methods supported, 1 byte
data = socket_.recv(1)
if data[0] == 0:
raise SOCKSError("WrongNumberOfAuthenticationMethods")
# get authentication methods, variable length, 1 byte per method supported
tmp = data[0]
data = socket_.recv(tmp)
if len(data) != tmp:
raise SOCKSError("WrongNumberOfAuthenticationMethods")
for tmp in data:
if tmp == 0:
break
else:
socket_.send(b'\x05\xff')
raise SOCKSError("NoUsableAuthMethod")
socket_.send(b'\x05\x00')
data = socket_.recv(4)
if data[:2] != b'\x05\x01':
socket_.send(b'\x05\x08')
raise SOCKSError("CommandNotSupported")
dst_host_type = data[3:4]
if data[3] == 0x01:
data = socket_.recv(4)
dst_host = ipaddress.IPv4Address(data).compressed
dst_host_raw = data
elif data[3] == 0x03:
dst_host_len = socket_.recv(1)
dst_host = socket_.recv(dst_host_len[0])
dst_host_raw = dst_host_len + dst_host
del dst_host_len
elif data[3] == 0x04:
data = socket_.recv(16)
dst_host = ipaddress.IPv6Address(data).compressed
dst_host_raw = data
else:
socket_.send(b'\x05\x08')
raise SOCKSError("AddressTypeNotSupported")
dst_port_raw = socket_.recv(2)
dst_port = struct.unpack("!H", dst_port_raw)[0]
try:
outgoing_socket = self.client_cls(dst_host, dst_port)
except OSError as e:
if e.strerror == 'No route to host':
logger.info("can't connect to %s", (dst_host, dst_port))
socket_.close()
return
else:
raise
except:
socket_.close()
raise
socket_.send(b'\x05\x00\x00')
socket_.send(dst_host_type)
socket_.send(dst_host_raw)
socket_.send(dst_port_raw)
if self.filter_cls:
self.filter = self.filter_cls((self.host, self.port),
(dst_host, dst_port))
return outgoing_socket
import ipaddress
from typing import List
import os
# Enter IP subnet (/24) here with last part as zero
peer_subnet_start = ipaddress.IPv4Address("192.168.43.0")
#Enter the last part of each peer here
peers = [
253,
48,
63,
87
]
def get_peers() -> List[str]:
return list(map(lambda x: str(peer_subnet_start + x), peers))
def upload():
for peer in get_peers():
up_command = f"scp -r ../recording-manager/ pi@{peer}:~"
print(up_command)
os.system(up_command)
if __name__ == '__main__':
upload()
def _handle_connection( self, connection, client_address, storage_lock ):
'''Connection handler'''
if not self.host:
creds = connection.getsockopt( socket.SOL_SOCKET, socket.SO_PEERCRED,
struct.calcsize( "3i" ) )
pid, uid, gid = struct.unpack( "3i", creds )
log.debug( "new connection: pid: {0}; uid: {1}; gid: {2}".format( pid, uid, gid ) )
else:
log.debug( "new connection: client address: %s" % ( str( client_address ) ) )
connection.settimeout( 5 )
data = bytearray()
util.recvPack( connection, data )
bytesReceived = len( data )
log.debug( "data: %s" % ( data[:1000] ) )
data = data[10:] # .decode( 'utf-8' )
bresp = bytearray()
cmd = None
perm = False
# dcmd - command dictionary. Contains three fields:
# cmd - command name, received from client
# params - command parameters, received from client
# res - internal command processing result, set by the command processor or
# command handler. This result has the server semantics, rather than the
# command semantics: if it's 0 - this means a general program error, e.g.
# non-existing command name. It's meant to be handled by the server before
# sending response to the client.
try:
dcmd = util.parsePacket( data )
# 'internal' switch is only used within regd server
if "internal" in dcmd:
raise Exception("Unrecognized syntax.")
cmd = dcmd["cmd"]
log.debug( "command received: {0}".format( cmd ) )
except Exception as e:
bresp = composeResponse( "0", "Exception while parsing the command: " + str( e ) )
else:
# Check permission and persistency
if self.host:
# IP-based server
if not self.trustedIps:
perm = True
else :
try:
clientIp = ipaddress.IPv4Address( client_address[0] )
except ValueError:
log.error( "Client IP address format is not recognized." )
else:
for i in self.trustedIps:
if clientIp in i:
perm = True
log.debug( "Client IP is trusted." )
break
if not perm:
log.error( "Client IP is NOT trusted : '%s : %s" %
( client_address[0], client_address[1] ) )
else:
# File socket server
if self.useruid == uid:
perm = True
elif uid in self.trustedUserids:
perm = True
elif cmd not in defs.secure_cmds:
if self.acc == defs.PL_PUBLIC:
perm = True
elif self.acc == defs.PL_PUBLIC_READ:
if cmd in defs.pubread_cmds:
perm = True
log.debug( "perm: {0}".format( perm ) )
if not perm:
bresp = composeResponse( "0", str( IKException( ErrorCode.permissionDenied, cmd ) ) )
#elif not self.datafile and defs.PERS in cmd:
# bresp = composeResponse( "0", str( IKException( ErrorCode.operationFailed, None, "Persistent tokens are not enabled." ) ) )
if not len( bresp ):
util.connLock = storage_lock
bresp = CmdSwitcher.handleCmd( dcmd )
try:
bytesSent = util.sendPack( connection, bresp )
except OSError as er:
log.error( "Socket error {0}: {1}\nClient address: {2}\n".format(
er.errno, er.strerror, client_address ) )
else:
if type( bytesSent ) is int:
info.setShared( "bytesReceived", bytesReceived, defs.SUM )
info.setShared( "bytesSent", bytesSent, defs.SUM )
if cmd == defs.STOP_SERVER and perm:
self.sigsock_w.send("stop".encode())
return
#!/usr/bin/env python3
import subprocess
import ipaddress
result = []
result_v4 = subprocess.run(["/usr/bin/curl", "-s4", "me.gandi.net"],
capture_output=True,
text=True).stdout.strip()
try:
ipaddress.IPv4Address(result_v4)
result.append(f'v4="{result_v4}"')
except:
pass
result_v6 = subprocess.run(["/usr/bin/curl", "-s6", "me.gandi.net"],
capture_output=True,
text=True).stdout.strip()
try:
ipaddress.IPv6Address(result_v6)
result.append(f'v6="{result_v6}"')
except:
pass
print(f'public_ip {",".join(result)}')
def start_lan_client(self, wan_gw=None):
# very casual try for ipv6 addr, if we don't get one don't fail for now
try:
self.enable_ipv6(self.iface_dut)
# TODO: how to wait for stateless config?
self.get_interface_ip6addr(self.iface_dut)
except:
self.sendline('dhclient -6 -i -r %s' % self.iface_dut)
self.expect(self.prompt)
self.sendline('dhclient -6 -i -v %s' % self.iface_dut)
if 0 == self.expect([pexpect.TIMEOUT] + self.prompt, timeout=15):
self.sendcontrol('c')
self.expect(self.prompt)
self.sendline('ip -6 addr')
self.expect(self.prompt)
# TODO: this should not be required (fix at some point...)
self.sendline('sysctl -w net.ipv6.conf.%s.accept_dad=0' %
self.iface_dut)
self.sendline('ip link set down %s && ip link set up %s' %
(self.iface_dut, self.iface_dut))
self.expect(self.prompt)
self.disable_ipv6('eth0')
self.sendline('\nifconfig %s up' % self.iface_dut)
self.expect('ifconfig %s up' % self.iface_dut)
self.expect(self.prompt)
self.sendline("dhclient -4 -r %s" % self.iface_dut)
self.expect(self.prompt)
self.sendline('\nifconfig %s 0.0.0.0' % self.iface_dut)
self.expect(self.prompt)
self.sendline('rm /var/lib/dhcp/dhclient.leases')
self.expect(self.prompt)
self.sendline(
"sed -e 's/mv -f $new_resolv_conf $resolv_conf/cat $new_resolv_conf > $resolv_conf/g' -i /sbin/dhclient-script"
)
self.expect(self.prompt)
# TODO: don't hard code eth0
self.sendline('ip route del default dev eth0')
self.expect(self.prompt)
for attempt in range(3):
try:
self.sendline('dhclient -4 -v %s' % self.iface_dut)
self.expect('DHCPOFFER', timeout=30)
self.expect(self.prompt)
break
except:
self.sendcontrol('c')
else:
raise Exception(
"Error: Device on LAN couldn't obtain address via DHCP.")
self.sendline('cat /etc/resolv.conf')
self.expect(self.prompt)
self.sendline('ip addr show dev %s' % self.iface_dut)
self.expect(self.prompt)
self.sendline('ip route')
# TODO: we should verify this so other way, because the they could be the same subnets
# in theory
i = self.expect([
'default via %s dev %s' %
(self.lan_gateway, self.iface_dut), pexpect.TIMEOUT
],
timeout=5)
if i == 1:
# bridged mode
self.is_bridged = True
# update gw
self.sendline("ip route list 0/0 | awk '{print $3}'")
self.expect_exact("ip route list 0/0 | awk '{print $3}'")
self.expect(self.prompt)
self.lan_gateway = ipaddress.IPv4Address(
self.before.strip().decode())
ip_addr = self.get_interface_ipaddr(self.iface_dut)
self.sendline("ip route | grep %s | awk '{print $1}'" % ip_addr)
self.expect_exact("ip route | grep %s | awk '{print $1}'" %
ip_addr)
self.expect(self.prompt)
self.lan_network = ipaddress.IPv4Network(
self.before.strip().decode())
self.sendline('ip -6 route')
self.expect(self.prompt)
# Setup HTTP proxy, so board webserver is accessible via this device
self.sendline('curl --version')
self.expect_exact('curl --version')
self.expect(self.prompt)
self.sendline('ab -V')
self.expect(self.prompt)
self.sendline('nmap --version')
self.expect(self.prompt)
# TODO: determine which config file is the correct one... but for now just modify both
for f in ['/etc/tinyproxy.conf', '/etc/tinyproxy/tinyproxy.conf']:
self.sendline("sed -i 's/^Port 8888/Port 8080/' %s" % f)
self.expect(self.prompt)
self.sendline("sed 's/#Allow/Allow/g' -i %s" % f)
self.expect(self.prompt)
self.sendline("sed '/Listen/d' -i %s" % f)
self.expect(self.prompt)
self.sendline('echo "Listen 0.0.0.0" >> %s' % f)
self.expect(self.prompt)
self.sendline('echo "Listen ::" >> %s' % f)
self.expect(self.prompt)
self.sendline('/etc/init.d/tinyproxy restart')
self.expect('Restarting')
self.expect(self.prompt)
# Write a useful ssh config for routers
self.sendline('mkdir -p ~/.ssh')
self.sendline('cat > ~/.ssh/config << EOF')
self.sendline('Host %s' % self.lan_gateway)
self.sendline('StrictHostKeyChecking no')
self.sendline('UserKnownHostsFile=/dev/null')
self.sendline('')
self.sendline('Host krouter')
self.sendline('Hostname %s' % self.lan_gateway)
self.sendline('StrictHostKeyChecking no')
self.sendline('UserKnownHostsFile=/dev/null')
self.sendline('EOF')
self.expect(self.prompt)
# Copy an id to the router so people don't have to type a password to ssh or scp
self.sendline('nc %s 22 -w 1 | cut -c1-3' % self.lan_gateway)
self.expect_exact('nc %s 22 -w 1 | cut -c1-3' % self.lan_gateway)
if 0 == self.expect(['SSH'] + self.prompt,
timeout=5) and not self.is_bridged:
self.sendcontrol('c')
self.expect(self.prompt)
self.sendline(
'[ -e /root/.ssh/id_rsa ] || ssh-keygen -N "" -f /root/.ssh/id_rsa'
)
if 0 != self.expect(['Protocol mismatch.'] + self.prompt):
self.sendline(
'scp ~/.ssh/id_rsa.pub %s:/etc/dropbear/authorized_keys' %
self.lan_gateway)
if 0 == self.expect(['assword:'] + self.prompt):
self.sendline('password')
self.expect(self.prompt)
else:
self.sendcontrol('c')
self.expect(self.prompt)
if self.install_pkgs_after_dhcp:
self.install_pkgs()
if wan_gw is not None and 'options' in self.kwargs and \
'lan-fixed-route-to-wan' in self.kwargs['options']:
self.sendline('ip route add %s via %s' %
(wan_gw, self.lan_gateway))
self.expect(self.prompt)
def parse_settings(self):
#default values
#defaults
self.serveraddress = self.listener_socket_config.bind_addr
self.subnetmask = 'FF:FF:FF:00'
self.leasetime = random.randint(600, 1000)
self.offer_options = None
self.ack_options = None
self.ip_pool = None
self.poisonermode = PoisonerMode.ANALYSE
start = ipaddress.IPv4Address('192.168.1.100')
end = ipaddress.IPv4Address('192.168.1.200')
ipnet = ipaddress.summarize_address_range(start, end)
if 'ip_pool' in self.settings:
# expected format: 192.168.1.100-200
start = ipaddress.IPv4Address(
self.settings['ip_pool'].split('-')[0].strip())
m = self.settings['ip_pool'].rfind('.')
end = ipaddress.IPv4Address(
self.settings['ip_pool'][:m + 1] +
self.settings['ip_pool'].split('-')[1].strip())
ipnets = ipaddress.summarize_address_range(start, end)
ips = []
for ipnet in ipnets:
for ip in ipnet:
ips.append(ip)
self.ip_pool = iter(ips)
if self.settings is None:
self.log(
'No settings defined, adjusting to Analysis functionality!')
self.poisonermode = PoisonerMode.ANALYSE
else:
if 'mode' in self.settings:
self.poisonermode = PoisonerMode(self.settings['mode'].upper())
if 'subnetmask' in self.settings:
self.subnetmask = self.settings['subnetmask']
if 'leasetime' in self.settings:
self.leasetime = self.settings['leasetime']
if 'offer_options' in self.settings:
if not isinstance(self.settings['offer_options'], list):
raise Exception(
'A list of touples is expected for DHCPoptions')
self.offer_options = []
for code, data in self.settings['offer_options']:
self.offer_options.append(
OPTCode2ClassName[int(code)].from_setting(data))
if 'ack_options' in self.settings:
if not isinstance(self.settings['ack_options'], list):
raise Exception(
'A list of touples is expected for DHCPoptions')
self.ack_options = []
for code, data in self.settings['ack_options']:
self.ack_options.append(
OPTCode2ClassName[int(code)].from_setting(data))
