def print_ipv4_event(cpu, data, size):
    """Event callback: print one IPv4 TCP event as a single fixed-width row.

    `data` is cast to a Data_ipv4 record; `cpu` and `size` are part of the
    (cpu, data, size) callback signature and are not used.  The row is:
    src:port -> dst:port, seq, ack, srtt >> 3, snd_cwnd, TCP state, flags.
    """
    ev = ct.cast(data, ct.POINTER(Data_ipv4)).contents
    src_ep = "%s:%d" % (inet_ntop(AF_INET, pack('I', ev.saddr)), ev.sport)
    dst_ep = "%s:%d" % (inet_ntop(AF_INET, pack('I', ev.daddr)), ev.dport)
    columns = (
        src_ep,
        dst_ep,
        "%d" % ev.seq,
        "%d" % ev.ack,
        "%d" % (ev.srtt >> 3),  # srtt is printed shifted right by 3
        "%d" % ev.snd_cwnd,
        tcp.tcpstate[ev.state],
        tcp.flags2str(ev.tcpflags),
    )
    print("3 %-20s -> %-20s %-10s %-10s %-8s %-8s %-12s (%s)" % columns)
def print_ipv6_event(cpu, data, size):
    """Callback for the `ipv6_events` buffer: print the event and its kernel stack.

    Prints one header line (time, pid, IP version, src:port > dst:port, TCP
    state, flags), one tab-indented line per resolved stack frame, then an
    empty line.  `cpu` and `size` are unused callback-signature parameters.
    """
    ev = b["ipv6_events"].event(data)

    def endpoint(addr, port):
        # "addr:port" with the IPv6 address rendered in text form.
        return "%s:%d" % (inet_ntop(AF_INET6, addr), port)

    print("%-8s %-6d %-2d %-20s > %-20s %s (%s)" % (
        strftime("%H:%M:%S"),
        ev.pid,
        ev.ip,
        endpoint(ev.saddr, ev.sport),
        endpoint(ev.daddr, ev.dport),
        tcp.tcpstate[ev.state],
        tcp.flags2str(ev.tcpflags)))
    for frame in stack_traces.walk(ev.stack_id):
        print("\t%s" % b.ksym(frame, show_offset=True))
    print("")
def print_ipv6_event(cpu, data, size):
    """Print one IPv6 TCP event followed by its resolved kernel stack.

    Layout: `HH:MM:SS pid ipver src:port > dst:port state (flags)`, then one
    tab-indented line per stack frame, then an empty line.  `cpu` and `size`
    are part of the callback signature and are not used.
    """
    evt = b["ipv6_events"].event(data)
    stamp = strftime("%H:%M:%S")
    src_ep = "%s:%d" % (inet_ntop(AF_INET6, evt.saddr), evt.sport)
    dst_ep = "%s:%d" % (inet_ntop(AF_INET6, evt.daddr), evt.dport)
    header_line = "%-8s %-6d %-2d %-20s > %-20s %s (%s)" % (
        stamp, evt.pid, evt.ip, src_ep, dst_ep,
        tcp.tcpstate[evt.state], tcp.flags2str(evt.tcpflags))
    print(header_line)
    # Resolve every frame first, then emit them one per line.
    frames = [b.ksym(a, show_offset=True) for a in stack_traces.walk(evt.stack_id)]
    for sym in frames:
        print("\t%s" % sym)
    print("")
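def print_ipv4_event(cpu, data, size):
    """Event callback: print one IPv4 TCP event and its kernel stack.

    Output is one header line (time, pid, IP version, src:port > dst:port,
    TCP state, flags), one tab-indented line per resolved kernel stack frame,
    then a blank line.  `data` is cast to a Data_ipv4 record; `cpu` and
    `size` are part of the callback signature and are not used.
    """
    event = ct.cast(data, ct.POINTER(Data_ipv4)).contents
    # Both port columns use %d, matching the source endpoint and the IPv6
    # printer (the destination column previously formatted the integer port
    # with %s).
    print("%-8s %-6d %-2d %-20s > %-20s %s (%s)" % (
        strftime("%H:%M:%S"),
        event.pid,
        event.ip,
        "%s:%d" % (inet_ntop(AF_INET, pack('I', event.saddr)), event.sport),
        "%s:%d" % (inet_ntop(AF_INET, pack('I', event.daddr)), event.dport),
        tcp.tcpstate[event.state],
        tcp.flags2str(event.tcpflags)))
    for addr in stack_traces.walk(event.stack_id):
        sym = b.ksym(addr, show_offset=True)
        print("\t%s" % sym)
    print("")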
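def print_ipv4_event(cpu, data, size):
    """Print one IPv4 TCP event (header line + kernel stack + blank line).

    `data` is cast to a Data_ipv4 record.  `cpu` and `size` come from the
    (cpu, data, size) callback signature and are unused.
    """
    ev = ct.cast(data, ct.POINTER(Data_ipv4)).contents

    def endpoint(addr, port):
        # Format both endpoints identically; the port is an integer, so %d
        # (the destination column previously used %s).
        return "%s:%d" % (inet_ntop(AF_INET, pack('I', addr)), port)

    print("%-8s %-6d %-2d %-20s > %-20s %s (%s)" % (
        strftime("%H:%M:%S"),
        ev.pid,
        ev.ip,
        endpoint(ev.saddr, ev.sport),
        endpoint(ev.daddr, ev.dport),
        tcp.tcpstate[ev.state],
        tcp.flags2str(ev.tcpflags)))
    for frame in stack_traces.walk(ev.stack_id):
        print("\t%s" % b.ksym(frame, show_offset=True))
    print("")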
def print_ipv6_event(cpu, data, size):
    """Print one IPv6 TCP event as a tilde-delimited record, then a blank line.

    Fields: time, pid, "TCPv<ipver>", src addr, src port, dst addr, dst port,
    TCP state, flags.  `cpu` and `size` are unused callback-signature
    parameters.
    """
    ev = b["ipv6_events"].event(data)
    fields = (
        strftime("%H:%M:%S"),
        ev.pid,
        ev.ip,
        inet_ntop(AF_INET6, ev.saddr),
        ev.sport,
        inet_ntop(AF_INET6, ev.daddr),
        ev.dport,
        tcp.tcpstate[ev.state],
        tcp.flags2str(ev.tcpflags),
    )
    print("%-8s ~ %-6d ~ TCPv%-2d ~ %-16s ~ %-6s ~ %-16s ~ %-6s ~ %s ~ (%s) ~" % fields)
    # NOTE(review): the stack is walked and every frame symbolised, but the
    # result is discarded — the other ipv6 printer in this file prints one
    # line per frame.  Kept as-is to preserve behaviour; confirm whether the
    # per-frame print was dropped intentionally.
    for frame in stack_traces.walk(ev.stack_id):
        b.ksym(frame, show_offset=True)
    print("")
def print_ipv4_event(cpu, data, size):
    """Event callback: print one IPv4 TCP event with its congestion counters.

    `data` is cast to a Data_ipv4 record; `cpu` and `size` are unused
    callback-signature parameters.  Column order: src:port -> dst:port, seq,
    ack, state, flags, then srtt >> 3, snd_cwnd, rcv_wnd, total_retrans,
    fastRe, timeout, bytes_acked, bytes_received, srtt_sum, srtt_counter,
    packets_out, duration, bytes_inflight.
    """
    ev = ct.cast(data, ct.POINTER(Data_ipv4)).contents
    src_ep = "%s:%d" % (inet_ntop(AF_INET, pack('I', ev.saddr)), ev.sport)
    dst_ep = "%s:%d" % (inet_ntop(AF_INET, pack('I', ev.daddr)), ev.dport)
    row = [
        src_ep,
        dst_ep,
        "%d" % ev.seq,
        "%d" % ev.ack,
        tcp.tcpstate[ev.state],
        tcp.flags2str(ev.tcpflags),
    ]
    # Numeric counters, all rendered with %d in this order.
    counters = [
        ev.srtt >> 3,
        ev.snd_cwnd,
        ev.rcv_wnd,
        ev.total_retrans,
        ev.fastRe,
        ev.timeout,
        ev.bytes_acked,
        ev.bytes_received,
        ev.srtt_sum,
        ev.srtt_counter,
        ev.packets_out,
        ev.duration,
        ev.bytes_inflight,
    ]
    row.extend("%d" % value for value in counters)
    fmt = ("3 %-20s -> %-20s %-10s %-10s %-12s (%s) %-8s %-8s %-10s %-10s "
           "%-10s %-10s %-10s %-10s %-10s %-10s %-10s %-20s %-10s")
    print(fmt % tuple(row))
def process_event(cpu, data, size, event_type: str) -> None:
    """Turn one sent/received TCP packet event into connectivity and transport log records.

    Args:
        cpu, size: part of the event-callback signature; not used here.
        data: raw event buffer, decoded through b['events'] for 'snt' and
            b['rcv_events'] for 'rcv'.
        event_type: 'snt' or 'rcv'; any other value is ignored.

    Side effects: appends to the module-level `events` list and to the
    `traces` dict (keyed by a frozenset of the connection dict's items) and
    `meta` dict (keyed by event.sk); also prints debugging output.

    NOTE(review): this block was recovered from a collapsed listing, so the
    nesting below is reconstructed — confirm it against the original source.
    """
    if event_type not in ['snt', 'rcv']:
        return
    # prev_met_upd_t is only referenced by the commented-out timing code below.
    global events, prev_met_upd_t
    if event_type == 'snt':
        event = b['events'].event(data)
    elif event_type == 'rcv':
        event = b['rcv_events'].event(data)
    #timestamp = "%.6f" % (abs(prev_met_upd_t) * 1000)
    #prev_met_upd_t = setTimeInfo(event.timestamp)
    timestamp = event.timestamp
    connection = {
        'src_ip': from_long_to_ip4(event.saddr),
        'dst_ip': from_long_to_ip4(event.daddr),
        'src_port': event.sport,
        # Only dport is converted from network byte order; sport is used as
        # delivered — confirm against the producer of these events.
        'dst_port': ntohs(event.dport),
        'transport_protocol': 'TCP',
        #'transport_protocol': '%sTCP' % ('MP' if event.proto == 1 else ''),
        # family 2 is AF_INET.
        'ip_version': '4' if event.family == 2 else '6'
    }
    # Remember every connection observed on this socket (keyed by event.sk).
    if event.sk != 0:
        try:
            if connection not in meta[event.sk]:
                meta[event.sk].append(connection)
        except KeyError:
            meta[event.sk] = [connection]
    # flags2str joins flag names with '|'; split back into a list for the
    # membership tests below.
    header = {'flags': tcp.flags2str(event.flags).split('|')}
    # special case on send RST-ACK, the src port is not defined but is retrieved
    # through the socket which is used for the connection
    if connection['src_port'] == 0 and event.sk in meta:
        # TODO : check if multiple co collected on the sk
        connection['src_port'] = meta[event.sk][0]['src_port']
    # Debug output.
    print(header['flags'])
    print(connection)
    # Canonical key order so equal connections produce equal keys; fco is the
    # lookup key into `traces`.
    connection = dict(sorted(connection.items()))
    fco = frozenset(connection.items())
    if 'SYN' in header['flags']:
        header['seq'] = event.seq
        # A lone SYN starts a connection — or a subflow when proto is set and
        # the non-zero parent tuple differs from this packet's tuple.
        if len(header['flags']) == 1:
            connectivity_type = '%sconnection_started' % ('subflow_' if event.proto and (event.parent_saddr != event.saddr or event.parent_daddr != event.daddr) and event.parent_saddr != 0 and event.parent_daddr != 0 else '')
            conn_data = [connection['src_ip'], connection['src_port'], connection['dst_ip'], connection['dst_port']]
            # MD5 is used here only as a stable grouping id derived from the
            # 4-tuple; it is not a security control.
            group_id = hashlib.md5(json.dumps(conn_data).encode('utf8')).hexdigest()
            log = [timestamp, 'connectivity', connectivity_type, connection, group_id]
            if event.proto == 1 and 'subflow' in connectivity_type:
                # add parent hash if subflow creation
                parent_id = [from_long_to_ip4(event.parent_saddr), event.parent_sport,
                             from_long_to_ip4(event.parent_daddr), ntohs(event.parent_dport)]
                print(parent_id)
                log.append(hashlib.md5(json.dumps(parent_id).encode('utf8')).hexdigest())
            events.append(log)
            # For a received SYN the trace key is the reversed tuple —
            # presumably so the trace is keyed from the initiator's side.
            # The reversed fco stays in effect for the transport record below.
            if event_type == 'rcv':
                new_co = {
                    'src_ip': connection['dst_ip'],
                    'dst_ip': connection['src_ip'],
                    'src_port': connection['dst_port'],
                    'dst_port': connection['src_port'],
                    'transport_protocol': connection['transport_protocol'],
                    'ip_version': connection['ip_version']
                }
                new_co = dict(sorted(new_co.items()))
                fco = frozenset(new_co.items())
            try:
                traces[fco].append(log)
            except KeyError:
                traces[fco] = [log]
    if 'ACK' in header['flags']:
        # seq is recorded for ACK only when combined with other flags (for a
        # SYN-ACK it was already set above).
        if len(header['flags']) > 1:
            header['seq'] = event.seq
        header['end_seq'] = event.end_seq
        header['ack'] = event.ack_seq
        header['win'] = event.win
    # Every packet yields a transport record under the (possibly reversed)
    # connection key.
    transport_type = 'packet_received' if event_type == 'rcv' else 'packet_sent'
    log = [timestamp, 'transport', transport_type, {'header': header}]
    events.append(log)
    try:
        traces[fco].append(log)
    except KeyError:
        traces[fco] = [log]