def get_whole_packet_array(pcap_file, proto): labels = [] arr = get_array_i(pcap_file, proto) arra = [] pcapa = pcap.pcap(pcap_file) i = 0 for ts, pkt in pcapa: i = i + 1 if i not in arr: continue try: ether = Ethernet(pkt) ip = ether.data if isinstance(ip, str): ip = IP(ether.data) except Exception as e: try: ip = IP(pkt) except: continue tcp = ip.data if isinstance(ip.data, str): tcp = TCP(ip.data) #tmparr = [] arra.append(str(pkt).encode("hex")) return arra
def get_test_array(pcap_file, proto): labels = [] actuals = [] arra = [] pcapa = pcap.pcap(pcap_file) i = 0 for ts, pkt in pcapa: i = i + 1 try: ether = Ethernet(pkt) ip = ether.data if isinstance(ip, str): ip = IP(ether.data) except Exception as e: try: ip = IP(pkt) except: continue if isinstance(ip.data, str): tcp = TCP(ip.data) else: tcp = ip.data tmpstr = "" #tmparr = [] arra.append(conv(tcp.data)) labels.append(proto) actuals.append(i) return (arra, labels, actuals)
def get_array(pcap_file, proto): labels = [] arr = get_array_i(pcap_file, proto) arra = [] pcapa = pcap.pcap(pcap_file) i = 0 for ts, pkt in pcapa: i = i + 1 if i not in arr: continue try: ether = Ethernet(pkt) ip = ether.data if isinstance(ip, str): ip = IP(ether.data) except Exception as e: try: ip = IP(pkt) except: continue tcp = ip.data if isinstance(ip.data, str): tcp = TCP(ip.data) #tmparr = [] arra.append(conv(tcp.data)) labels.append(proto) return (arra, labels)
def Setup(self): self.name = "Ping" self.expect = "gen.output.1" payload = ICMP(type = 8, data=ICMP.Echo(id=123, seq=1, data="12345690")) ip = IP(src=dnet.ip_aton("192.0.2.254"), dst=dnet.ip_aton("192.18.0.10"), id=5624, p=dnet.IP_PROTO_ICMP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip)
def _decryptPacket(self, packet, sessionKey): cipher = RC4(key=sessionKey) plaintext = cipher.update(packet.getData()) if ord(plaintext[0]) == 0x00 and ord(plaintext[1]) == 0x21: ethPacket = packet.getEthernetFrame() ethPacket = copy.deepcopy(ethPacket) ipPacket = IP() ipPacket.unpack(plaintext[2:]) ethPacket.data = ipPacket return ethPacket return None
def run(self): global sock, handle, mtu_size, verbose buf = win32file.AllocateReadBuffer(2000) while True: rc, bytes_recvd = win32file.WSARecv(sock.fileno(), buf, self.overlapped_rx) assert rc == 0 or rc == win32file.WSA_IO_PENDING bytes_recvd = yield p = buf[:bytes_recvd] p = netmsg_to_local(p) p = unpack_header(p) if p: if verbose: print 'tunnel send: ' if (ord(p[0]) & 0xf0) == 0x40: pprint(IP(p)) elif (ord(p[0]) & 0xf0) == 0x60: pprint(IP6(p)) else: print 'Unknown layer 3 protocol' win32file.WriteFile(handle, p, self.overlapped_tx) yield
def incoming(pktlen, pkt, timestamp): eth = Ethernet(pkt) ip = IP(str(eth.data)) tcp = TCP(str(ip.data)) print str(len(tcp.data)).zfill(2) + ' bytes <- ', global first_in global seed_in global rc4_in if first_in: s = tcp.data[:4] seed_in = ord(s[0]) * 0x01000000 + ord(s[1]) * 0x010000 + ord( s[2]) * 0x0100 + ord(s[3]) * 0x01 Skype_RC4_Expand_IV(seed_in, rc4_in) plaintext = RC4_crypt(tcp.data[4:14], rc4_in) print '\t' + str2hex(plaintext) rc4_in = RC4_Context() if len(tcp.data) > 14: Skype_RC4_Expand_IV(seed_in, rc4_in) plaintext = RC4_crypt(str(tcp.data[14:]), rc4_in) print '\t' + str2hex(plaintext) first_in = False else: Skype_RC4_Expand_IV(seed_in, rc4_in) plaintext = RC4_crypt(str(tcp.data), rc4_in) print '\t' + str2hex(plaintext)
def decode_raw_ip_payload_src_dst(buf): """Get src,dst ip address from raw ip payload string :param buf: A string buffer containing raw ip payload :return: A typle with source and destination IP strings """ ip = IP(buf) return inet_to_str(ip.src), inet_to_str(ip.dst)
def ingress_loop(packet): global connections global client_log now = datetime.now() network = IP(packet.get_payload()) transport = network.data # modify the packet all you want here # packet.set_payload(str(pkt)) #set the packet content to our modified version # if network.p not in KNOWN_PROTO: # print('[?] unknown protocol: {}'.format(network.p)) # packet.accept() # return src_ip = inet_to_str(network.src) dst_ip = inet_to_str(network.dst) flow = (src_ip, transport.sport, dst_ip, transport.dport) if flow in connections: connections[flow] = connections[flow] + transport.data else: connections[flow] = transport.data flow_addresses = '{}:{},{}:{}'.format(src_ip, transport.sport, dst_ip, transport.dport) print(flow_addresses) # can_modify = transport.seq > 0 and transport.ack > 0 if network.rf or src_ip in TRACKED_CLIENTS: print('got RF set, logging into file...') client_log.log(now) # try: # stream = connections[flow] # if stream[:4] == 'HTTP': # http = Response(stream) # # print(http.status) # else: # http = Request(stream) # # print(http.method, http.uri) # # print(http) # print() # # # If we reached this part an exception hasn't been thrown # stream = stream[len(http):] # if len(stream) == 0: # del connections[flow] # else: # connections[flow] = stream # except UnpackError: # pass return packet.accept()
def main(serverInterface, serverIp): dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets. serveripn = socket.inet_aton(serverIp) # bind on an extra socket, so the kernel knows the udp port is opened. s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s1.bind((serverIp, serverport)) s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol. # s.bind((serverip, serverport)) s.bind((serverInterface, 0)) print ("generating flows.") flows = [] for i in range(flowct): dstip, srcip, dstport, srcport = getFlowKey(serverIp) flow = [] for j in range(pktsPerFlow): message = struct.pack("i", 1) udpOut = UDP() udpOut.sport = srcport udpOut.dport = dstport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=srcip, dst=dstip) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut) eo = str(ethOut) flow.append(str(ethOut)) flows.append(flow) print ("%s flows generated, with %s packets each."%(len(flows), len(flows[0]))) print ("sending flows packets to: %s"%str(dstaddr)) for flow in flows: for pktstr in flow: s.sendto(pktstr, dstaddr) time.sleep(delay) print ("everything send. exiting.") return
def ingress_loop(packet): raw_packet = packet.get_payload() network = IP(raw_packet) src_ip = inet_to_str(network.src) dst_ip = inet_to_str(network.dst) if src_ip not in TRACKED_CLIENTS: return packet.accept() if not is_tor(network): return packet.accept() print('tracked client trying connect to tor') network.rf = 1 if dst_ip in KNOWN_PEERS: raw_packet = update_cksum(network) packet.set_payload(raw_packet) return packet.accept() peer = random.choice(KNOWN_PEERS) network.dst = str_to_inet(peer) raw_packet = update_cksum(network) packet.set_payload(raw_packet) return packet.accept()
def modify_pkt_rnd(net_packet): # net.data is layer 4 packet # so net.data.data is layer 5 or just a payload of layer 4 net = IP(net_packet.get_payload()) tran_len = len(net.data) payload_len = net.len - tran_len if not payload_len: return net.pack() new_data = bytearray(net.data.pack()) for idx in range(10): rnd_byte = randrange(0, payload_len) # God, please, i hope there's no off-by-one error new_data[(tran_len - payload_len) + rnd_byte] = rnd_byte # new_data[rnd_byte] = bytes([rnd_byte]) net.data = new_data return net.pack()
def setUp(self): # echo = dpkt.icmp.ICMP.Echo() # echo.id = random.randint(0, 0xffff) # echo.seq = random.randint(0, 0xffff) # echo.data = 'hello world' # # icmp = dpkt.icmp.ICMP() # icmp.type = dpkt.icmp.ICMP_ECHO # icmp.data = echo # packet generation is done directly using dpkt package and self.packet = Ethernet() ip = IP(src='\x01\x02\x03\x04', dst='\x05\x06\x07\x08', p=1) icmp = ICMP(type=8, data=ICMP.Echo(id=123, seq=1, data='foobar')) ip.data = icmp self.packet.src = "\x00\x00\x55\x55\x00\x00" self.packet.dst = "\x00\x00\x11\x11\x00\x00" self.packet.data = ip self.print_packet(self.packet) self.max_pkt_size = 1400 self.pld_gen = CTRexPktBuilder.CTRexPayloadGen(self.packet, self.max_pkt_size)
def sendRawRequest(socket, clientaddr, serveraddr, userid, dataid): """ sends 1 raw request from clientaddr to serveraddr. """ message = '' message += struct.pack("i", userid) message += struct.pack("i", dataid) # left off: just added this udpOut = UDP() udpOut.sport = udpIn.dport udpOut.dport = udpIn.sport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=ipIn.dst, dst=ipIn.src) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) # put the data id into the dcsp field. (first 6 bits of tos) ipOut.tos = dataid << 2 ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut)
def Setup(self): self.name = "SF|SR Probe to Closed Port" self.expect = "detect.output.4" # Packet 1 payload = TCP(sport=555, dport=79, seq=10000, flags=dnet.TH_SYN|dnet.TH_RST) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.0.10"), id=5624, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 2 payload = TCP(sport=556, dport=79, seq=10000, flags=dnet.TH_SYN|dnet.TH_FIN) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.0.10"), id=5625, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip)
def iterate(pktlen, pkt, timestamp): eth = Ethernet(pkt) if eth.type == ETH_TYPE_IP: ip = IP(str(eth.data)) if ip.p == IP_PROTO_TCP: tcp = TCP(str(ip.data)) f = { 'src': ip.src, 'sport': tcp.sport, 'dst': ip.dst, 'dport': tcp.dport } if not f in self.streams: self.streams.append(f)
def test_opt(): s = b'\x4f\x00\x00\x3c\xae\x08\x00\x00\x40\x06\x18\x10\xc0\xa8\x0a\x26\xc0\xa8\x0a\x01\x87\x27\x08\x01\x02\x03\x04\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x05\x04\x03\x02\x01' ip = IP(s) opts = IPOption(ip.opts) assert (bytes(opts) == ip.opts) opts.length = 12 assert (opts.length == 12) opts.copy = 1 assert (opts.copy == 1) raw_opts = b'\x44\x0c\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00' new_opts = IPOption(type=0x44, length=0x0c, data=b'\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00') assert (raw_opts == bytes(new_opts))
def send_packet(fp, msg): http = u"HTTP/1.1 %s\r\n\r\njust for fun" % msg tcp = TCP(sport=80, dport=random.uniform(0, 65535), data=http) ip = IP(src=inet_aton('19.89.6.4'), dst=inet_aton('20.13.9.27'), p=IP_PROTO_TCP, data=tcp, len=20 + len(str(tcp))) eth = Ethernet(src='\xac\xf7\xf3\x00\x00\x00', dst='\x00\x00\x00\x00\x00\x00', data=ip) packet = str(eth) if (pcap_sendpacket(fp, build_packet(packet), len(packet)) != 0): print("Error sending the packet:\n %s" % pcap_geterr(fp))
def load_ip_packet_from_ethernet_frame( packet_data: bytes) -> Union[IP, IP6]: if isinstance(packet_data, (IP, IP6)): return packet_data # Packet data is bytes because it is a fragmented packet. try: return IP(packet_data) except dpkt.dpkt.UnpackError: return IP6( packet_data) # When IPv6 packet is encapsulated in IPv4 packet except BaseException as ex: logging.error( 'Can not parse Ethernet frame as IPv4 or IPv6 packet. Error: `%s`', ex) raise ex
def Setup(self): self.name = "Connection to open port" self.expect = "gen.output.2" # Packet 1 payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN) ip = IP(src=dnet.ip_aton("192.0.2.254"), dst=dnet.ip_aton("192.18.0.10"), id=5624, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 2 payload = TCP(sport=555, dport=80, seq=10001, ack=194595108, flags=dnet.TH_ACK) ip = IP(src=dnet.ip_aton("192.0.2.254"), dst=dnet.ip_aton("192.18.0.10"), id=5625, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 3 payload = TCP(sport=555, dport=80, seq=10001, ack=194595108, flags=dnet.TH_ACK) payload.data = 'Honeyd fools you' ip = IP(src=dnet.ip_aton("192.0.2.254"), dst=dnet.ip_aton("192.18.0.10"), id=5625, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip)
def Setup(self): self.name = "Routing to Open Port" self.expect = "route.output.1" # Packet 1 payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.3.10"), id=8143, ttl=1, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 2 payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.3.10"), id=8144, ttl=2, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 3 payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.3.10"), id=8145, ttl=3, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip)
def iterate(pktlen, pkt, timestamp): eth = Ethernet(pkt) if eth.type == ETH_TYPE_IP: ip = IP(str(eth.data)) if ip.p == IP_PROTO_TCP: tcp = TCP(str(ip.data)) if len(tcp.data) > 0: if (outgoing is not None and ip.src == self.stream['src'] and tcp.sport == self.stream['sport'] and ip.dst == self.stream['dst'] and tcp.dport == self.stream['dport']): outgoing(pktlen, pkt, timestamp) if (incoming is not None and ip.src == self.stream['dst'] and tcp.sport == self.stream['dport'] and ip.dst == self.stream['src'] and tcp.dport == self.stream['sport']): incoming(pktlen, pkt, timestamp)
def sniffer(): packet = Ether() / IP(dst="1.2.3.4") / UDP(dport=123) wrpcap('foo.pcap', [packet]) f = open('foo.pcap', 'rb') pcap = dpkt.pcap.Reader(f) sniffed = "" for ts, buf in pcap: eth = dpkt.ethernet.Ethernet(buf) if eth.type != dpkt.ethernet.ETH_TYPE_IP: print('Non IP Packet type not supported') continue ip = eth.data do_not_fragment = bool(dpkt.ip.IP_DF) more_fragments = bool(dpkt.ip.IP_MF) fragment_offset = ip.off & dpkt.ip.IP_OFFMASK sniffed = 'IP: '+str(ipaddress.ip_address(ip.src)) + ' -> '+str(ipaddress.ip_address(ip.dst)) + ' len='+str(ip.len) + ' ttl='+str(ip.ttl) + ' DF='+str(do_not_fragment)\ + ' MF='+str(more_fragments) + ' offset='+str(fragment_offset) return sniffed
def run(self): global sock, handle, mtu_size, verbose, now, last_send buf = win32file.AllocateReadBuffer(mtu_size) while True: # wait for data l, _ = win32file.ReadFile(handle, buf, self.overlapped_rx) # ERROR_IO_PENDING, maybe 0 also #assert win32api.GetLastError() == win32file.ERROR_IO_PENDING #rc = win32event.WaitForSingleObject(self.overlapped_rx.hEvent, 1000 * keepalive_interval) bytes_read = yield # overlapped mode, return a PyOVERLAPPEDReadBuffer instead of str p = buf[:bytes_read] if verbose: print 'tunnel recv: ' #pprint(Ethernet(p)) if (ord(p[0]) & 0xf0) == 0x40: pprint(IP(p)) elif (ord(p[0]) & 0xf0) == 0x60: pprint(IP6(p)) else: print 'Unknown layer 3 protocol' continue # not support #sock.sendall(local_to_netmsg(pack_header(p))) rc, bytes_sent = win32file.WSASend(sock.fileno(), local_to_netmsg(pack_header(p)), self.overlapped_tx) # even send not pending, still generate a IOCP queued message bytes_sent = yield assert rc == 0 or rc == win32file.WSA_IO_PENDING last_send = now
#! /usr/bin/env python # -*- coding: utf-8 -*- # vim:fenc=utf-8 # # Copyright © 2017 anatharaman <anatharaman@CSL-C14997> # # Distributed under terms of the MIT license. """ """ import struct import pcap import dpkt from dpkt.ip import IP from dpkt.tcp import TCP file = open("datadump1","wb") for ts,raw_packet in pcap.pcap("C37.118_1PMU_TCP.pcap"): ip = IP(raw_packet[14:]) tcp = ip.data if len(tcp.data) != 0: byte = ":".join("{:02x}".format(ord(c)) for c in tcp.data) file.write(bytearray(tcp.data + "\n")) file.close()
def egress_loop(packet): global connections global blacklist global client_log now = datetime.now() raw_packet = packet.get_payload() network = IP(raw_packet) # modify the packet all you want here # packet.set_payload(str(pkt)) #set the packet content to our modified version transport = network.data src_ip = inet_to_str(network.src) dst_ip = inet_to_str(network.dst) flow = (src_ip, transport.sport, dst_ip, transport.dport) # if flow[3] in [443]: # print('[drop] {}:{} -> {}:{}'.format(flow[0], flow[1], flow[2], flow[3])) # packet.drop() # return if flow in connections: connections[flow] = connections[flow] + transport.data else: connections[flow] = transport.data flow_addresses = '{}:{},{}:{}'.format(src_ip, transport.sport, dst_ip, transport.dport) print(flow_addresses) tracked_client_arrived = client_log.arrived_near(now) # if network.rf or (tracked_client_arrived and dst_ip in KNOWN_PEERS): if tracked_client_arrived and dst_ip in KNOWN_PEERS: print('no RF, setting...') network.rf = 1 network.sum = 0 packet.set_payload(bytes(network)) if transport.dport not in [80]: packet.accept() # if is_marked: print(packet.get_payload()) return try: stream = connections[flow] http = Request(stream) # if src_ip in blacklist: # bad_ip = src_ip # elif dst_ip in blacklist: # bad_ip = dst_ip # else: # bad_ip = 'not listed' bad_host = http.headers['host'] print(flow) if tracked_client_arrived and bad_host in blacklist: print('[drop] blacklisted host: {}, IP: {}'.format( bad_host, dst_ip)) del connections[flow] return packet.drop() # If we reached this part an exception hasn't been thrown stream = stream[len(http):] if len(stream) == 0: del connections[flow] else: connections[flow] = stream except UnpackError: pass packet.accept() # if is_marked: print(packet.get_payload()) return
# This is sample code to generate udp packets # from a pcap file, used for ipfix testing import dpkt import pcap from dpkt.ip import IP from dpkt.udp import UDP idx = 0 for ts, raw_pkt in pcap.pcap('mydump'): ip = IP(raw_pkt[14:]) udp = ip.data f = open('workfile' + str(idx), 'w') f.write(udp.data) f.close() idx = idx + 1
def decode_raw_ip_payload_src_dst(buf): ip = IP(buf) return inet_to_str(ip.src), inet_to_str(ip.dst)
def main(serverInterface, serverIp): dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets. # open a socket to the switch here. Just do a send when you have a # permission that you want to add. You can work in the controller # interface later on, connect right to the switch, for now. declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) declassifierSocket.connect((declassifierIp, declassifierPort)) print ("connected to declassifier.") serveripn = socket.inet_aton(serverIp) # bind on an extra socket, so the kernel knows the udp port is opened. s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s1.bind((serverIp, serverport)) s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol. # s.bind((serverip, serverport)) s.bind((serverInterface, 0)) print ("generating permissions") permissionrecords = set() for i in range(permissionct): dstip = socket.inet_aton(socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff)))) srcip = socket.inet_aton(serverIp) dstport = random.randint(1, 50000) srcport = serverport permissionrecord = (dstip, srcip, dstport, srcport) permissionrecords.add(permissionrecord) permission = 1 # the valid permission is always 1. flowPermission = '' flowPermission += srcip flowPermission += dstip flowPermission += struct.pack("!H", srcport) flowPermission += struct.pack("!H", dstport) flowPermission += struct.pack("!i", permission) declassifierSocket.send(flowPermission) time.sleep(permissionDelay) declassifierSocket.close() print ("%s unique flow permissions generated and send to declassifier."%len(permissionrecords)) print ("generating valid flows.") validflows = [] permissionrecords = list(permissionrecords) for i in range(validflowct): validrecord = permissionrecords[i] dstip, srcip, dstport, srcport = validrecord flow = [] for j in range(pktsPerFlow): message = struct.pack("i", 1) udpOut = UDP() udpOut.sport = srcport udpOut.dport = dstport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=srcip, dst=dstip) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) ipOut.tos = 1 << 2 # these are valid flows, so put 1 into the ip dscp field. ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut) eo = str(ethOut) flow.append(str(ethOut)) validflows.append(flow) print ("%s valid flows generated, with %s packets each."%(len(validflows), len(validflows[0]))) print ("generating invalidflows") invalidflows = [] for i in range(len(validflows), len(validflows)+invalidflowct): validrecord = permissionrecords[i] dstip, srcip, dstport, srcport = validrecord flow = [] for j in range(pktsPerFlow): message = struct.pack("i", 1) udpOut = UDP() udpOut.sport = srcport udpOut.dport = dstport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=srcip, dst=dstip) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) if j == invalidPacketLoc: ipOut.tos = 0 << 2 # mark the invalid packet. else: ipOut.tos = 1 << 2 # mark the valid packets. ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut) flow.append(str(ethOut)) invalidflows.append(flow) print ("%s invalid flows generated, with %s packets each."%(len(invalidflows), len(invalidflows[0]))) print ("sending valid flows packets to: %s"%str(dstaddr)) for flow in validflows: for pktstr in flow: s.sendto(pktstr, dstaddr) time.sleep(delay) print ("sending invalid flow packets to: %s"%str(dstaddr)) for flow in invalidflows: for pktstr in flow: s.sendto(pktstr, dstaddr) time.sleep(delay) print ("everything send. exiting.") return
def main(serverInterface, serverIp): # open a socket to the switch here. Just do a send when you have a # permission that you want to add. You can work in the controller # interface later on, connect right to the switch, for now. declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) declassifierSocket.connect((declassifierIp, declassifierPort)) print ("connected to declassifier.") serveripn = socket.inet_aton(serverIp) # bind on an extra socket, so the kernel knows the udp port is opened. s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s1.bind((serverIp, serverport)) s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol. # s.bind((serverip, serverport)) s.bind((serverInterface, 0)) print ("Starting listening loop.") currentPermissions = set() # cache of the current permissions for flows. while True: pkt, srcaddr = s.recvfrom(1514) # 1500 is the mtu.. but still will this work? print srcaddr # print srcaddr # srcaddr = list(srcaddr) # srcaddr[2] = 4 # srcaddr = tuple(srcaddr) if len(pkt)>4: ethIn = Ethernet(pkt) if type(ethIn.data) == IP: ipIn = ethIn.data if type(ipIn.data) == UDP: udpIn = ipIn.data if (ipIn.dst == serveripn) and (ipIn.data.dport == serverport): # print ("got server packet") userid, dataid = struct.unpack("ii", udpIn.data) # print ("got request for user id: %s data id: %s"%(userid, dataid)) # print ("writing flow information to file. ") # flowData = "%s,%s,%s,%s:%s\n"%(socket.inet_ntoa(ipIn.src), socket.inet_ntoa(ipIn.dst), udpIn.sport, udpIn.dport, userid) # f = open(flowDataFile, "a") # f.write(flowData) # f.close() # pack the information about the flow, that # you send to the declassifier. permission = userid flowPermission = '' flowPermission += ipIn.dst flowPermission += ipIn.src flowPermission += struct.pack("!H", udpIn.dport) flowPermission += struct.pack("!H", udpIn.sport) flowPermission += struct.pack("!i", permission) # add the permissions, if they're not added yet. if flowPermission not in currentPermissions: currentPermissions.add(flowPermission) # print ("intended message: %s (%s) --> %s (%s)"%\ # (socket.inet_ntoa(ipIn.dst), udpIn.dport, socket.inet_ntoa(ipIn.src), udpIn.sport)) # send the permission information to the declassifier. # print ("sending %s bytes to declassifier"%len(flowPermission)) declassifierSocket.send(flowPermission) # time.sleep(.000001) # print("flow permissions sent to declassifier.") # response just indicates whether the user has # permission to access it according to the # server. If you see a 0 response at the client, # something is wrong. if userid == dataid: message = struct.pack("i", 1) else: message = struct.pack("i", 0) # print ("sending message back to client") udpOut = UDP() udpOut.sport = udpIn.dport udpOut.dport = udpIn.sport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=ipIn.dst, dst=ipIn.src) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) # put the data id into the dcsp field. (first 6 bits of tos) ipOut.tos = dataid << 2 ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut) # print ("-----") # print len(message) # print len(str(udpOut)) # print len(str(ipOut)) # print len(ethOut) # print len(udpIn) # print len(udpOut) # print "_--------_" # print str(udpIn).encode('hex_codec') # print str(udpOut).encode('hex_codec') # print `ethOut` ethOut = str(ethOut) s.sendto(ethOut, srcaddr)