コード例 #1
0
 def copyEntry(msgtype, conntrack, data):
     conn = ConntrackEntry(self, conntrack, msgtype)
     if not filter.filterConnection(conn):
         conn._destroy = False
         return NFCT_CB_CONTINUE
     copyEntry.ctlist.append(conn)
     return NFCT_CB_STOLEN
コード例 #2
0
 def copyEntry(msgtype, conntrack, data):
     conn = ConntrackEntry(self, conntrack, msgtype)
     if not filter.filterConnection(conn):
         conn._destroy = False
         return NFCT_CB_CONTINUE
     copyEntry.ctlist.append(conn)
     return NFCT_CB_STOLEN
コード例 #3
0
def create_conntrack():
    # ----------- create conntrack entry -----------
    conntrack = Conntrack()

    master = ConntrackEntry.new(conntrack)
    master.orig_l3proto = AF_INET
    master.orig_ipv4_src = IP("172.16.127.201")
    master.orig_ipv4_dst = IP("204.152.191.36")
    master.orig_l4proto = IPPROTO_TCP
    master.orig_port_src = 1025
    master.orig_port_dst = 21
    master.setobjopt(NFCT_SOPT_SETUP_REPLY)
    master.tcp_state = TCP_CONNTRACK_LISTEN
    master.timeout = 10
    master.create()

    # ----------- create expect entry -----------
    expect = Expect()

    expected = ConntrackEntry.new(expect)
    expected.orig_l3proto = AF_INET
    expected.orig_ipv4_src = IP("172.16.127.201")
    expected.orig_ipv4_dst = IP("204.152.191.36")
    expected.orig_l4proto = IPPROTO_TCP
    expected.orig_port_src = 10240
    expected.orig_port_dst = 10241

    mask = ConntrackEntry.new(expect)
    mask.orig_l3proto = AF_INET
    mask.orig_ipv4_src = 0xffffffff
    mask.orig_ipv4_dst = 0xffffffff
    mask.orig_l4proto = IPPROTO_TCP
    mask.orig_port_src = 0xffff
    mask.orig_port_dst = 0xffff

    print("add")
    exp = ExpectEntry.new(expect)
    ATTR_EXP_MASTER = 0
    ATTR_EXP_EXPECTED = 1
    ATTR_EXP_MASK = 2
    ATTR_EXP_TIMEOUT = 3
    nfexp_set_attr(exp._handle, ATTR_EXP_MASTER, master._handle)
    nfexp_set_attr(exp._handle, ATTR_EXP_EXPECTED, expected._handle)
    nfexp_set_attr(exp._handle, ATTR_EXP_MASK, mask._handle)
    nfexp_set_attr_u32(exp._handle, ATTR_EXP_TIMEOUT, 200)
    print("FINAL: Create entry")
    exp.create()
コード例 #4
0
def create_conntrack():
    # ----------- create conntrack entry -----------
    conntrack = Conntrack()

    master = ConntrackEntry.new(conntrack)
    master.orig_l3proto = AF_INET
    master.orig_ipv4_src = IP("172.16.127.201")
    master.orig_ipv4_dst = IP("204.152.191.36")
    master.orig_l4proto = IPPROTO_TCP
    master.orig_port_src = 1025
    master.orig_port_dst = 21
    master.setobjopt(NFCT_SOPT_SETUP_REPLY)
    master.tcp_state = TCP_CONNTRACK_LISTEN
    master.timeout = 10
    master.create()

    # ----------- create expect entry -----------
    expect = Expect()

    expected = ConntrackEntry.new(expect)
    expected.orig_l3proto = AF_INET
    expected.orig_ipv4_src = IP("172.16.127.201")
    expected.orig_ipv4_dst = IP("204.152.191.36")
    expected.orig_l4proto = IPPROTO_TCP
    expected.orig_port_src = 10240
    expected.orig_port_dst = 10241

    mask = ConntrackEntry.new(expect)
    mask.orig_l3proto = AF_INET
    mask.orig_ipv4_src = 0xffffffff
    mask.orig_ipv4_dst = 0xffffffff
    mask.orig_l4proto = IPPROTO_TCP
    mask.orig_port_src = 0xffff
    mask.orig_port_dst = 0xffff

    print "add"
    exp = ExpectEntry.new(expect)
    ATTR_EXP_MASTER = 0
    ATTR_EXP_EXPECTED = 1
    ATTR_EXP_MASK = 2
    ATTR_EXP_TIMEOUT = 3
    nfexp_set_attr(exp._handle, ATTR_EXP_MASTER, master._handle)
    nfexp_set_attr(exp._handle, ATTR_EXP_EXPECTED, expected._handle)
    nfexp_set_attr(exp._handle, ATTR_EXP_MASK, mask._handle)
    nfexp_set_attr_u32(exp._handle, ATTR_EXP_TIMEOUT, 200)
    print "FINAL: Create entry"
    exp.create()
コード例 #5
0
def event_cb(msgtype, ct, data):
    global counter
    counter += 1
    if 10 <= counter:
        return NFCT_CB_STOP

    entry = ConntrackEntry(data, ct, msgtype, destroy=False)
    print entry

    return NFCT_CB_CONTINUE
コード例 #6
0
    def dump_table(self, family=AF_INET, event_type=NFCT_T_ALL, filter=None):
        if not filter:
            filter = Filter()
        if HAS_CNETFILTER_CONNTRACK:
            if family != AF_INET:
                raise ValueError("cnetfilter_conntrack only supports IPv4")
            options = filter.createCNetfilterOptions()
            table, total = dump_table_ipv4(self.handle, **options)

            connections = []
            for attr in table:
                handle = attr.pop('handle')
                for key, value in attr.iteritems():
                    if "ipv4" in key:
                        attr[key] = IP(value)
                conn = ConntrackEntry(self, handle, attr=attr)
                connections.append(conn)

            return connections, total
        else:
            # Create a pointer to a 'uint8_t' of the address family
            family = byref(uint8_t(family))

            def copyEntry(msgtype, conntrack, data):
                conn = ConntrackEntry(self, conntrack, msgtype)
                if not filter.filterConnection(conn):
                    conn._destroy = False
                    return NFCT_CB_CONTINUE
                copyEntry.ctlist.append(conn)
                return NFCT_CB_STOLEN

            copyEntry.ctlist = []

            # Install callback, do the query, remove callback
            self.register_callback(copyEntry, event_type)
            self.query(NFCT_Q_DUMP, family)
            self.unregister_callback()
            connset = copyEntry.ctlist

            # Sort the list
            filter.sortTable(connset)

            # Truncated the list
            total = len(connset)
            connset = filter.truncate(connset)

            # Suppress unwanted entries
            return connset, total