def proc_resp_get_neighborlist(self, dat): """Callback for message RESPONSE_GET_NEIGHBORLIST List of neighbor node info (the first one is that of the connecting core) is queued rather than message itself. This method must not be overridden. Args: dat (dict): received message """ if KeyType.neighbor_list not in dat: self.queue.put(None) return neighbor_list = dat[KeyType.neighbor_list] results = [] count = int.from_bytes(neighbor_list[:4], 'big') for i in range(count): base = 4 + i * (32 + 4 + 16 + 2 + 1 + 8) node_id = neighbor_list[base:base + 32] ipv4 = socket.inet_ntop(socket.AF_INET, neighbor_list[base + 32:base + 36]) ipv6 = socket.inet_ntop(socket.AF_INET6, neighbor_list[base + 36:base + 52]) port = socket.ntohs( int.from_bytes(neighbor_list[base + 52:base + 54], 'big')) domain0 = True if neighbor_list[base + 54] == 0x01 else False updated_at = neighbor_list[base + 55:base + 63] results.append([node_id, ipv4, ipv6, port, domain0]) self.queue.put(results)
def proc_resp_get_neighborlist(self, dat): """ Return node info :param dat: :return: list of node info (the first one is that of the connecting core) """ if KeyType.neighbor_list not in dat: self.queue.put(None) return neighbor_list = dat[KeyType.neighbor_list] results = [] count = int.from_bytes(neighbor_list[:4], 'big') for i in range(count): base = 4 + i * (32 + 4 + 16 + 2 + 1 + 8) node_id = neighbor_list[base:base + 32] ipv4 = socket.inet_ntop(socket.AF_INET, neighbor_list[base + 32:base + 36]) ipv6 = socket.inet_ntop(socket.AF_INET6, neighbor_list[base + 36:base + 52]) port = socket.ntohs( int.from_bytes(neighbor_list[base + 52:base + 54], 'big')) domain0 = True if neighbor_list[base + 54] == 0x01 else False updated_at = neighbor_list[base + 55:base + 63] results.append([node_id, ipv4, ipv6, port, domain0]) self.queue.put(results)
def unpack_addr(addrtype, buf, offset): if addrtype == IP_V4: addr = socket.inet_ntop(socket.AF_INET, buf[offset:(offset+4)]) nxt = offset+4 elif addrtype == IP_V6: addr = socket.inet_ntop(socket.AF_INET6, buf[offset:(offset+16)]) nxt = offset+16 elif addrtype == DOMAIN_NAME: length = struct.unpack('B', buf[offset])[0] addr = buf[(offset+1):(offset+1+length)] nxt = offset+1+length else: raise dpkt.UnpackError("Unknown address type %s" % addrtype.encode('hex')) return addr, nxt
def unpack_addr(addrtype, buf, offset): if addrtype == IP_V4: addr = socket.inet_ntop(socket.AF_INET, buf[offset:(offset + 4)]) nxt = offset + 4 elif addrtype == IP_V6: addr = socket.inet_ntop(socket.AF_INET6, buf[offset:(offset + 16)]) nxt = offset + 16 elif addrtype == DOMAIN_NAME: length = struct.unpack('B', buf[offset])[0] addr = buf[(offset + 1):(offset + 1 + length)] nxt = offset + 1 + length else: raise dpkt.UnpackError("Unknown address type %s" % addrtype.encode('hex')) return addr, nxt
def __get_pp_ip(self, addr_family, ip_string, which): try: packed = socket.inet_pton(addr_family, ip_string.decode("ascii")) return socket.inet_ntop(addr_family, packed) except (UnicodeDecodeError, socket.error): msg = "Invalid proxy protocol {0} IP format".format(which) raise AssertionError(msg)
def __get_pp_ip(self, addr_family, ip_string, which): try: packed = socket.inet_pton(addr_family, ip_string.decode('ascii')) return socket.inet_ntop(addr_family, packed) except (UnicodeDecodeError, socket.error): msg = 'Invalid proxy protocol {0} IP format'.format(which) raise AssertionError(msg)
def socks5Handle(self): # 鉴定 (nmethods,) = self.sock.unpack('B') if nmethods > 0: (methods,) = self.sock.unpack('B' * nmethods) # TODO: 未检查客户端支持的鉴定方式 self.sock.pack('BB', 0x05, 0x00) logging.debug(u'[Socks5Handler]client login') # 接收代理请求 ver, cmd, rsv, atyp = self.sock.unpack('BBBB') if ver != 0x05 or cmd != 0x01: logging.warn(u'[Socks5Handler]收到未知类型的请求,关闭连接。 ver=%s ,cmd=%s' % (ver, cmd)) self.sock.pack('BBBBIH', 0x05, 0x07, 0x00, 0x01, 0, 0) self.sock.close() return if atyp == 0x01: # ipv4 host, port = self.sock.unpack('!IH') hostname = _socket.inet_ntoa(struct.pack('!I', host)) elif atyp == 0x03: # 域名 length = self.sock.unpack('B')[0] hostname, port = self.sock.unpack("!%dsH" % length) elif atyp == 0x04: # ipv6 ipv61, ipv62, port = self.sock.unpack('!2QH') hostname = _socket.inet_ntop(_socket.AF_INET6, struct.pack('!2Q', ipv61, ipv62)) else: logging.warn(u'[SClient]收到未知的目的地址类型,关闭连接。 atyp=%s ' % (atyp)) self.sock.pack('!BBBBIH', 0x05, 0x07, 0x00, 0x01, 0, 0) self.sock.close() return logging.debug(u'[SClient] host:%s prot:%s' % (hostname, port)) # 对外发起请求 try: remote_sock = self.server.upstream.create_connection((hostname,port),) except: logging.exception(u'所有线路连接 tcp host:%s port:%s 失败。'%(hostname,port)) # TODO: 按照socks5协议,这里应该返回服务器绑定的地址及端口 # http://blog.csdn.net/testcs_dn/article/details/7915505 self.sock.pack('!BBBBIH', 0x05, 0x03, 0x00, 0x01, 0, 0) self.sock.close() return if hasattr(remote_sock,'display_name'): remote_sock_display_name = remote_sock.display_name else: remote_sock_display_name = str(remote_sock) logging.info(u'连接 tcp目标 host:%s port:%s 通过 %s 建立成功。'%(hostname,port,remote_sock_display_name)) # TODO: 按照socks5协议,这里应该返回服务器绑定的地址及端口 # http://blog.csdn.net/testcs_dn/article/details/7915505 self.sock.pack('!BBBBIH', 0x05, 0x00, 0x00, 0x01, 0, 0) self.forward(self.sock,remote_sock,5*60)
def __parse_pp_addresses(cls, family, addr_data): if family == socket.AF_INET: src_ip, dst_ip, src_port, dst_port = \ struct.unpack('<4s4sHH', addr_data) src_addr = (socket.inet_ntop(family, src_ip), src_port) dst_addr = (socket.inet_ntop(family, dst_ip), dst_port) return src_addr, dst_addr elif family == socket.AF_INET6: src_ip, dst_ip, src_port, dst_port = \ struct.unpack('<16s16sHH', addr_data) src_addr = (socket.inet_ntop(family, src_ip), src_port) dst_addr = (socket.inet_ntop(family, dst_ip), dst_port) return src_addr, dst_addr elif family == socket.AF_UNIX: src_addr, dst_addr = struct.unpack('<108s108s', addr_data) return src_addr.rstrip(b'\x00'), dst_addr.rstrip(b'\x00') else: return unknown_pp_source_address, unknown_pp_dest_address
def __parse_pp_addresses(cls, family, addr_data): if family == socket.AF_INET: src_ip, dst_ip, src_port, dst_port = \ struct.unpack('!4s4sHH', addr_data) src_addr = (socket.inet_ntop(family, src_ip), src_port) dst_addr = (socket.inet_ntop(family, dst_ip), dst_port) return src_addr, dst_addr elif family == socket.AF_INET6: src_ip, dst_ip, src_port, dst_port = \ struct.unpack('!16s16sHH', addr_data) src_addr = (socket.inet_ntop(family, src_ip), src_port) dst_addr = (socket.inet_ntop(family, dst_ip), dst_port) return src_addr, dst_addr elif family == socket.AF_UNIX: src_addr, dst_addr = struct.unpack('!108s108s', addr_data) return src_addr.rstrip(b'\x00'), dst_addr.rstrip(b'\x00') else: return unknown_pp_source_address, unknown_pp_dest_address
def parse_template_data(version, ip): TEMPLATE = TEMPLATE_CACHE DATA = DATA_CACHE if version == 10: TEMPLATE = IPFIX_TEMPLATE_CACHE DATA = IPFIX_DATA_CACHE template_info = TEMPLATE.get(ip) data_info = DATA.get(ip) #log.debug("temlate : %s and data: %s", template_info, data_info) if not template_info: log.info("No any template flowset found till date.") elif not data_info: log.info("No any data flowset found till date.") else: data_dict = [] for template_id, temp_fields in template_info.iteritems(): field_cnt = len(temp_fields) data_record_list = data_info.get(template_id) if not data_record_list: log.info("Corresponding data for template_id:%s not found.", template_id) continue for record in data_record_list: record_len, single_data = record field_dict = {} #dict of field values i = 0 for field in xrange(field_cnt): field_type_temp, temp_len = temp_fields[field] start = i end = start + temp_len i = i + temp_len if temp_len == 1: val = ord(single_data[start]) elif temp_len == 2: val = socket.ntohs( struct.unpack('H', single_data[start:end])[0]) elif temp_len == 4: val = socket.ntohl( struct.unpack('I', single_data[start:end])[0]) elif temp_len == 16: val = socket.inet_ntop(socket.AF_INET6, single_data[start:end]) field_dict[field_type_temp] = val _raw_data = single_data data_dict.append(({template_id: field_dict}, _raw_data)) #log.debug("netflow_v9; data dict: %s", data_dict) #log.debug("netflow_v9; length data dict: %s", len(data_dict)) if template_id in data_info: del DATA[ip][template_id] #log.debug("second : %s", DATA) return data_dict
def get_data128_addr(raw_data): global data data = raw_data skip_bytes(data, 16) #return socket.ntohl(struct.unpack('!L',raw_data[12:16])[0]) return socket.inet_ntop(socket.AF_INET6, raw_data[0:16])
def get_data128_addr(self): raw_data = self.data self.skip_bytes(16) #return socket.ntohl(struct.unpack('!L',raw_data[12:16])[0]) return socket.inet_ntop(socket.AF_INET6, raw_data[0:16])
if temp_len == 1: val = ord(data_header_list[record][2][start]) elif temp_len == 2: val = socket.ntohs( struct.unpack( 'H', data_header_list[record][2] [start:end])[0]) elif temp_len == 4: #val = socket.ntohl(struct.unpack('!L', data_data_dict[temp_id][start:end])[0]) val = (struct.unpack( '!L', data_header_list[record][2][start:end])[0]) elif temp_len == 16: val = socket.inet_ntop( socket.AF_INET6, data_header_list[record][2][start:end]) field_list.append(val) field_dict[field_type_temp] = val _raw_data = data_header_list[record][2] #_packet_type = template_data_dict_encoded[temp_id] data_dict.append(({temp_id: field_dict}, _raw_data)) temp_data_dict[temp_id] = field_list #log.debug("temp data_dict : %s", temp_data_dict) # #log.debug("netflow_v9; flowset_id: %s", flowset_id) #log.debug("netflow_v9; template template : %s", template_template_list) #log.debug("netflow_v9; data header lsit: %s", data_header_list)
def create_tuple(af, packed): address_host = socket.inet_ntop(af, packed) return address_tuple(af, (address_host, port))
def src_asstring(self): return inet_ntop(AF_INET, struct.pack("i", self.header["src"]))
def dst_asstring(self): return inet_ntop(AF_INET, struct.pack("i", self.header["dst"]))