def concrete2pyretic(self, raw_pkt): packet = get_packet_processor().unpack(raw_pkt['raw']) packet['raw'] = raw_pkt['raw'] packet['switch'] = raw_pkt['switch'] packet['inport'] = raw_pkt['inport'] def convert(h, val): if h in ['srcmac', 'dstmac']: return MAC(val) elif h in ['srcip', 'dstip']: return IP(val) else: return val try: vlan_id = packet['vlan_id'] vlan_pcp = packet['vlan_pcp'] extended_values = self.decode_extended_values(vlan_id, vlan_pcp) except KeyError: extended_values = util.frozendict() pyretic_packet = Packet(extended_values) d = { h: convert(h, v) for (h, v) in packet.items() if not h in ['vlan_id', 'vlan_pcp'] } return pyretic_packet.modifymany(d)
def extended_values_from(packet): extended_values = {} for k, v in packet.header.items(): if k not in basic_headers + content_headers and v: extended_values[k] = v elif v and len(v) > 1: extended_values[k] = v[1:] return util.frozendict(extended_values)
def __init__(self, *args, **kwargs): init_map = {} for (k, v) in dict(*args, **kwargs).iteritems(): if v is not None: patterntype = field_patterntype(k) pattern_to_match = patterntype(v) init_map[k] = pattern_to_match else: init_map[k] = None self.map = util.frozendict(init_map) super(match,self).__init__()
def __init__(self, *args, **kwargs): init_map = {} for (k, v) in dict(*args, **kwargs).iteritems(): if v is not None: patterntype = field_patterntype(k) pattern_to_match = patterntype(v) init_map[k] = pattern_to_match else: init_map[k] = None self.map = util.frozendict(init_map) super(match, self).__init__()
def __init__(self, *args, **kwargs): #self.trace = simpleLogger.geTracePyretic() init_map = {} for (k, v) in dict(*args, **kwargs).iteritems(): if v is not None: patterntype = field_patterntype(k) pattern_to_match = patterntype(v) init_map[k] = pattern_to_match else: init_map[k] = None self.map = util.frozendict(init_map) #self.trace("patterns to match: %s\n" % self.map, True) # hph super(match,self).__init__()
def __init__(self, *args, **kwargs): def _get_processed_map(*args, **kwargs): map_dict = dict(*args, **kwargs) for field in ['srcip', 'dstip']: try: val = map_dict[field] map_dict.update({field: util.string_to_network(val)}) except KeyError: pass return map_dict if len(args) == 0 and len(kwargs) == 0: raise TypeError self.map = util.frozendict(_get_processed_map(*args, **kwargs)) self._classifier = self.generate_classifier() super(match,self).__init__()
def concrete2pyretic(self,packet): def convert(h,val): if h in ['srcmac','dstmac']: return MAC(val) elif h in ['srcip','dstip']: return IP(val) else: return val try: vlan_id = packet['vlan_id'] vlan_pcp = packet['vlan_pcp'] extended_values = self.decode_extended_values(vlan_id, vlan_pcp) except KeyError: extended_values = util.frozendict() pyretic_packet = Packet(extended_values) d = { h : convert(h,v) for (h,v) in packet.items() if not h in ['vlan_id','vlan_pcp'] } return pyretic_packet.pushmany(d)
def concrete2pyretic(self, packet): def convert(h, val): if h in ['srcmac', 'dstmac']: return MAC(val) elif h in ['srcip', 'dstip']: return IP(val) else: return val try: vlan_id = packet['vlan_id'] vlan_pcp = packet['vlan_pcp'] extended_values = self.decode_extended_values(vlan_id, vlan_pcp) except KeyError: extended_values = util.frozendict() pyretic_packet = Packet(extended_values) d = { h: convert(h, v) for (h, v) in packet.items() if not h in ['vlan_id', 'vlan_pcp'] } return pyretic_packet.modifymany(d)
def concrete2pyretic(self,raw_pkt): packet = get_packet_processor().unpack(raw_pkt['raw']) packet['raw'] = raw_pkt['raw'] packet['switch'] = raw_pkt['switch'] packet['inport'] = raw_pkt['inport'] def convert(h,val): if h in ['srcmac','dstmac']: return MAC(val) elif h in ['srcip','dstip']: return IP(val) else: return val try: vlan_id = packet['vlan_id'] vlan_pcp = packet['vlan_pcp'] extended_values = self.decode_extended_values(vlan_id, vlan_pcp) except KeyError: extended_values = util.frozendict() pyretic_packet = Packet(extended_values) d = { h : convert(h,v) for (h,v) in packet.items() if not h in ['vlan_id','vlan_pcp'] } return pyretic_packet.modifymany(d)
def __init__(self, *args, **kwargs): if len(args) == 0 and len(kwargs) == 0: raise TypeError self.map = util.frozendict(dict(*args, **kwargs)) self._classifier = self.generate_classifier() super(match,self).__init__()
def __init__(self, state={}): self.header = util.frozendict(state)
def extended_values_from(packet): extended_values = {} for k, v in packet.header.items(): if k not in basic_headers + content_headers + location_headers and v: extended_values[k] = v return util.frozendict(extended_values)
def get_count_key(pkt): predwise_count_key = ['ethtype', 'srcip', 'dstip', 'switch', 'port'] return util.frozendict({k: pkt[k] for k in predwise_count_key})
def nf_to_pyretic(self, nf_line): """ Parse one line of netflow/sflow output and return a pyretic `Packet`-like structure for evaluation by pyretic policies. """ cls = self.__class__ def convert(h,val): if h in ['srcmac','dstmac']: return MAC(val) elif h in ['srcip','dstip']: try: return IP(val) except: # IPv6 packets are not processed well in the IP class return val elif h in ['packets', 'bytes', 'flows', 'port', 'vlan_id', 'srcport', 'dstport']: return int(float(val)) elif h in ['protocol']: return int(val) elif h in ['bps', 'Bpp']: return float(val) else: return val def parse_line(l): parts = l.split()[3:] order = ['switch', 'protocol', 'srcip', 'dstip', 'srcport', 'dstport', 'vlan_id', 'srcmac', 'dstmac', 'port', 'packets','bytes', 'bps', 'Bpp', 'flows'] headers = {} for i in range(0, len(order)): headers[order[i]] = parts[i] ''' TODO(): There doesn't seem to be a way to figure out the ethertype of a packet from nfdump. The manpage doesn't give any hints, and it is documented that this was an issue as recently as 2014: see http://sourceforge.net/p/nfdump/mailman/message/33085997/ So we just set it automatically to IP. ''' headers['ethtype'] = 2048 return headers def adjust_location(headers): imap = cls.intfs_map if headers['port'] in cls.intfs_map: (sw, port, _) = cls.intfs_map[headers['port']] headers.update({'switch': sw, 'port': port}) return headers def process_vlan(headers): '''The returned VLAN label from nfdump tools is actually a 2 byte combination of the VLAN id (12 bits), a CFI bit, and the VLAN priority (3 bits) which are arranged in that order from least to most significant bits (see [1-4] below). Given that netflow/IPFIX export this information, and that nfcapd output format remains consistent across netflow and sflow, I believe that sflow captures should be no different. @ngsrinivas [1] ipfix RFC. http://tools.ietf.org/html/rfc5102#section-5.6.3 [2] Table 6, netflow V9 record format. http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html [3] VLAN tag frame format https://wiki.wireshark.org/VLAN [4] libnfread: read netflow records from nfcapd output files. https://github.com/switch-ch/nfdump-libnfread/blob/master/bin/pcaproc.c#L416 (see https://github.com/switch-ch/nfdump-libnfread) ''' if 'vlan_id' in headers: tag = headers['vlan_id'] headers.update({'vlan_id': tag & 0xfff, 'vlan_pcp': ((tag & 0xf000) >> 13) & 7, 'vlan_cfi': ((tag & 0xf000) >> 12) & 1}) return headers h1 = parse_line(nf_line.strip()) h2 = { h : convert(h,v) for (h,v) in h1.items() } h3 = adjust_location(h2) h4 = process_vlan(h3) h4['raw'] = 'junk' pyretic_pkt = Packet(util.frozendict()) return pyretic_pkt.modifymany(h4)