def flow_handler(self, flow): protocol = flow.prot if type(self.ignore_ipprotocol) is list and protocol in self.ignore_ipprotocol: protocol = -1 try: netdata.IPTYPE[protocol] if protocol in self.lIPProtocol: self.lIPProtocol[protocol] += flow.dPkts else: self.lIPProtocol[protocol] = flow.dPkts self.lIPList.append(protocol) except KeyError: pass if protocol == netdata.IPTYPE_TCP or protocol == netdata.IPTYPE_UDP: src = netutils.ip_reverse(flow.srcaddr_raw) dst = netutils.ip_reverse(flow.dstaddr_raw) bsrc = netutils.ip_is_reserved(src) bdst = netutils.ip_is_reserved(dst) port = -1 if not bsrc: port = flow.srcport elif not bdst: port = flow.dstport # Remove local ports (cannot determine good port) # else: # try: # netdata.PORTSLIST[flow.srcport] # port = flow.srcport # except KeyError: # try: # netdata.PORTSLIST[flow.dstport] # port = flow.dstport # except KeyError: # pass # List of IP protocols if type(self.ignore_port) is list and port in self.ignore_port: port = -1 if port > 0: try: netdata.PORTSLIST[port] try: self.lPortProtocol[port] += flow.dPkts except KeyError: self.lPortProtocol[port] = flow.dPkts except KeyError: pass
def flow_handler(self, flow): protocol = flow.prot if type(self.ignore_ipprotocol ) is list and protocol in self.ignore_ipprotocol: protocol = -1 try: netdata.IPTYPE[protocol] if protocol in self.lIPProtocol: self.lIPProtocol[protocol] += flow.dPkts else: self.lIPProtocol[protocol] = flow.dPkts self.lIPList.append(protocol) except KeyError: pass if protocol == netdata.IPTYPE_TCP or protocol == netdata.IPTYPE_UDP: src = netutils.ip_reverse(flow.srcaddr_raw) dst = netutils.ip_reverse(flow.dstaddr_raw) bsrc = netutils.ip_is_reserved(src) bdst = netutils.ip_is_reserved(dst) port = -1 if not bsrc: port = flow.srcport elif not bdst: port = flow.dstport # Remove local ports (cannot determine good port) # else: # try: # netdata.PORTSLIST[flow.srcport] # port = flow.srcport # except KeyError: # try: # netdata.PORTSLIST[flow.dstport] # port = flow.dstport # except KeyError: # pass # List of IP protocols if type(self.ignore_port) is list and port in self.ignore_port: port = -1 if port > 0: try: netdata.PORTSLIST[port] try: self.lPortProtocol[port] += flow.dPkts except KeyError: self.lPortProtocol[port] = flow.dPkts except KeyError: pass
def flow_handler(self, flow): src = netutils.ip_reverse(flow.srcaddr_raw) dst = netutils.ip_reverse(flow.dstaddr_raw) bsrc = netutils.ip_is_reserved(src) bdst = netutils.ip_is_reserved(dst) if bsrc and bdst: self.add_loccomm(src, dst, flow.dOctets) elif not bsrc and bdst: self.add_loccomm(-1, dst, flow.dOctets) elif bsrc and not bdst: self.add_loccomm(src, -1, flow.dOctets) else: print "This packet is stupid"
def flow_handler(self, flow): src = netutils.ip_reverse(flow.srcaddr_raw) self.add_ip_list_outside(src)