Exemplo n.º 1
0
    def proc_resp_get_neighborlist(self, dat):
        """Callback for message RESPONSE_GET_NEIGHBORLIST

        List of neighbor node info (the first one is that of the connecting core) is queued rather than message itself.
        This method must not be overridden.

        Args:
            dat (dict): received message
        """
        if KeyType.neighbor_list not in dat:
            self.queue.put(None)
            return
        neighbor_list = dat[KeyType.neighbor_list]
        results = []
        count = int.from_bytes(neighbor_list[:4], 'big')
        for i in range(count):
            base = 4 + i * (32 + 4 + 16 + 2 + 1 + 8)
            node_id = neighbor_list[base:base + 32]
            ipv4 = socket.inet_ntop(socket.AF_INET,
                                    neighbor_list[base + 32:base + 36])
            ipv6 = socket.inet_ntop(socket.AF_INET6,
                                    neighbor_list[base + 36:base + 52])
            port = socket.ntohs(
                int.from_bytes(neighbor_list[base + 52:base + 54], 'big'))
            domain0 = True if neighbor_list[base + 54] == 0x01 else False
            updated_at = neighbor_list[base + 55:base + 63]
            results.append([node_id, ipv4, ipv6, port, domain0])
        self.queue.put(results)
Exemplo n.º 2
0
    def proc_resp_get_neighborlist(self, dat):
        """
        Return node info

        :param dat:
        :return: list of node info (the first one is that of the connecting core)
        """
        if KeyType.neighbor_list not in dat:
            self.queue.put(None)
            return
        neighbor_list = dat[KeyType.neighbor_list]
        results = []
        count = int.from_bytes(neighbor_list[:4], 'big')
        for i in range(count):
            base = 4 + i * (32 + 4 + 16 + 2 + 1 + 8)
            node_id = neighbor_list[base:base + 32]
            ipv4 = socket.inet_ntop(socket.AF_INET,
                                    neighbor_list[base + 32:base + 36])
            ipv6 = socket.inet_ntop(socket.AF_INET6,
                                    neighbor_list[base + 36:base + 52])
            port = socket.ntohs(
                int.from_bytes(neighbor_list[base + 52:base + 54], 'big'))
            domain0 = True if neighbor_list[base + 54] == 0x01 else False
            updated_at = neighbor_list[base + 55:base + 63]
            results.append([node_id, ipv4, ipv6, port, domain0])
        self.queue.put(results)
Exemplo n.º 3
0
def unpack_addr(addrtype, buf, offset):
    if addrtype == IP_V4:
        addr = socket.inet_ntop(socket.AF_INET, buf[offset:(offset+4)])
        nxt = offset+4
    elif addrtype == IP_V6:
        addr = socket.inet_ntop(socket.AF_INET6, buf[offset:(offset+16)])
        nxt = offset+16
    elif addrtype == DOMAIN_NAME:
        length = struct.unpack('B', buf[offset])[0]
        addr = buf[(offset+1):(offset+1+length)]
        nxt = offset+1+length
    else:
        raise dpkt.UnpackError("Unknown address type %s" % addrtype.encode('hex'))
    return addr, nxt
Exemplo n.º 4
0
def unpack_addr(addrtype, buf, offset):
    if addrtype == IP_V4:
        addr = socket.inet_ntop(socket.AF_INET, buf[offset:(offset + 4)])
        nxt = offset + 4
    elif addrtype == IP_V6:
        addr = socket.inet_ntop(socket.AF_INET6, buf[offset:(offset + 16)])
        nxt = offset + 16
    elif addrtype == DOMAIN_NAME:
        length = struct.unpack('B', buf[offset])[0]
        addr = buf[(offset + 1):(offset + 1 + length)]
        nxt = offset + 1 + length
    else:
        raise dpkt.UnpackError("Unknown address type %s" %
                               addrtype.encode('hex'))
    return addr, nxt
Exemplo n.º 5
0
 def __get_pp_ip(self, addr_family, ip_string, which):
     try:
         packed = socket.inet_pton(addr_family, ip_string.decode("ascii"))
         return socket.inet_ntop(addr_family, packed)
     except (UnicodeDecodeError, socket.error):
         msg = "Invalid proxy protocol {0} IP format".format(which)
         raise AssertionError(msg)
Exemplo n.º 6
0
 def __get_pp_ip(self, addr_family, ip_string, which):
     try:
         packed = socket.inet_pton(addr_family, ip_string.decode('ascii'))
         return socket.inet_ntop(addr_family, packed)
     except (UnicodeDecodeError, socket.error):
         msg = 'Invalid proxy protocol {0} IP format'.format(which)
         raise AssertionError(msg)
Exemplo n.º 7
0
    def socks5Handle(self):
        # 鉴定
        (nmethods,) = self.sock.unpack('B')
        if nmethods > 0:
            (methods,) = self.sock.unpack('B' * nmethods)
            # TODO: 未检查客户端支持的鉴定方式
        self.sock.pack('BB', 0x05, 0x00)
        logging.debug(u'[Socks5Handler]client login')

        # 接收代理请求
        ver, cmd, rsv, atyp = self.sock.unpack('BBBB')

        if ver != 0x05 or cmd != 0x01:
            logging.warn(u'[Socks5Handler]收到未知类型的请求,关闭连接。 ver=%s ,cmd=%s' % (ver, cmd))
            self.sock.pack('BBBBIH', 0x05, 0x07, 0x00, 0x01, 0, 0)
            self.sock.close()
            return

        if atyp == 0x01:
            # ipv4
            host, port = self.sock.unpack('!IH')
            hostname = _socket.inet_ntoa(struct.pack('!I', host))
        elif atyp == 0x03:
            # 域名
            length = self.sock.unpack('B')[0]
            hostname, port = self.sock.unpack("!%dsH" % length)
        elif atyp == 0x04:
            # ipv6
            ipv61, ipv62, port = self.sock.unpack('!2QH')
            hostname = _socket.inet_ntop(_socket.AF_INET6, struct.pack('!2Q', ipv61, ipv62))
        else:
            logging.warn(u'[SClient]收到未知的目的地址类型,关闭连接。 atyp=%s ' % (atyp))
            self.sock.pack('!BBBBIH', 0x05, 0x07, 0x00, 0x01, 0, 0)
            self.sock.close()
            return
        logging.debug(u'[SClient] host:%s   prot:%s' % (hostname, port))

        # 对外发起请求
        try:
            remote_sock = self.server.upstream.create_connection((hostname,port),)
        except:
            logging.exception(u'所有线路连接 tcp host:%s port:%s 失败。'%(hostname,port))
            # TODO: 按照socks5协议,这里应该返回服务器绑定的地址及端口
            # http://blog.csdn.net/testcs_dn/article/details/7915505
            self.sock.pack('!BBBBIH', 0x05, 0x03, 0x00, 0x01, 0, 0)
            self.sock.close()
            return

        if hasattr(remote_sock,'display_name'):
            remote_sock_display_name = remote_sock.display_name
        else:
            remote_sock_display_name = str(remote_sock)

        logging.info(u'连接 tcp目标 host:%s port:%s 通过 %s 建立成功。'%(hostname,port,remote_sock_display_name))

        # TODO: 按照socks5协议,这里应该返回服务器绑定的地址及端口
        # http://blog.csdn.net/testcs_dn/article/details/7915505
        self.sock.pack('!BBBBIH', 0x05, 0x00, 0x00, 0x01, 0, 0)

        self.forward(self.sock,remote_sock,5*60)
Exemplo n.º 8
0
 def __parse_pp_addresses(cls, family, addr_data):
     if family == socket.AF_INET:
         src_ip, dst_ip, src_port, dst_port = \
             struct.unpack('<4s4sHH', addr_data)
         src_addr = (socket.inet_ntop(family, src_ip), src_port)
         dst_addr = (socket.inet_ntop(family, dst_ip), dst_port)
         return src_addr, dst_addr
     elif family == socket.AF_INET6:
         src_ip, dst_ip, src_port, dst_port = \
             struct.unpack('<16s16sHH', addr_data)
         src_addr = (socket.inet_ntop(family, src_ip), src_port)
         dst_addr = (socket.inet_ntop(family, dst_ip), dst_port)
         return src_addr, dst_addr
     elif family == socket.AF_UNIX:
         src_addr, dst_addr = struct.unpack('<108s108s', addr_data)
         return src_addr.rstrip(b'\x00'), dst_addr.rstrip(b'\x00')
     else:
         return unknown_pp_source_address,  unknown_pp_dest_address
Exemplo n.º 9
0
 def __parse_pp_addresses(cls, family, addr_data):
     if family == socket.AF_INET:
         src_ip, dst_ip, src_port, dst_port = \
             struct.unpack('!4s4sHH', addr_data)
         src_addr = (socket.inet_ntop(family, src_ip), src_port)
         dst_addr = (socket.inet_ntop(family, dst_ip), dst_port)
         return src_addr, dst_addr
     elif family == socket.AF_INET6:
         src_ip, dst_ip, src_port, dst_port = \
             struct.unpack('!16s16sHH', addr_data)
         src_addr = (socket.inet_ntop(family, src_ip), src_port)
         dst_addr = (socket.inet_ntop(family, dst_ip), dst_port)
         return src_addr, dst_addr
     elif family == socket.AF_UNIX:
         src_addr, dst_addr = struct.unpack('!108s108s', addr_data)
         return src_addr.rstrip(b'\x00'), dst_addr.rstrip(b'\x00')
     else:
         return unknown_pp_source_address, unknown_pp_dest_address
Exemplo n.º 10
0
def parse_template_data(version, ip):
    TEMPLATE = TEMPLATE_CACHE
    DATA = DATA_CACHE
    if version == 10:
        TEMPLATE = IPFIX_TEMPLATE_CACHE
        DATA = IPFIX_DATA_CACHE

    template_info = TEMPLATE.get(ip)
    data_info = DATA.get(ip)
    #log.debug("temlate : %s and data: %s", template_info, data_info)
    if not template_info:
        log.info("No any template flowset found till date.")
    elif not data_info:
        log.info("No any data flowset found till date.")
    else:
        data_dict = []
        for template_id, temp_fields in template_info.iteritems():
            field_cnt = len(temp_fields)

            data_record_list = data_info.get(template_id)
            if not data_record_list:
                log.info("Corresponding data for template_id:%s  not found.",
                         template_id)
                continue
            for record in data_record_list:
                record_len, single_data = record
                field_dict = {}  #dict of field values
                i = 0
                for field in xrange(field_cnt):
                    field_type_temp, temp_len = temp_fields[field]
                    start = i
                    end = start + temp_len
                    i = i + temp_len

                    if temp_len == 1:
                        val = ord(single_data[start])
                    elif temp_len == 2:
                        val = socket.ntohs(
                            struct.unpack('H', single_data[start:end])[0])
                    elif temp_len == 4:
                        val = socket.ntohl(
                            struct.unpack('I', single_data[start:end])[0])
                    elif temp_len == 16:
                        val = socket.inet_ntop(socket.AF_INET6,
                                               single_data[start:end])

                    field_dict[field_type_temp] = val

                _raw_data = single_data
                data_dict.append(({template_id: field_dict}, _raw_data))

            #log.debug("netflow_v9; data dict: %s", data_dict)
            #log.debug("netflow_v9; length data dict: %s", len(data_dict))
            if template_id in data_info:
                del DATA[ip][template_id]
            #log.debug("second : %s", DATA)
        return data_dict
Exemplo n.º 11
0
def get_data128_addr(raw_data):
    global data
    data = raw_data
    skip_bytes(data, 16)
    #return socket.ntohl(struct.unpack('!L',raw_data[12:16])[0])
    return socket.inet_ntop(socket.AF_INET6, raw_data[0:16])
Exemplo n.º 12
0
 def get_data128_addr(self):
     raw_data = self.data
     self.skip_bytes(16)
     #return socket.ntohl(struct.unpack('!L',raw_data[12:16])[0])
     return socket.inet_ntop(socket.AF_INET6, raw_data[0:16])
Exemplo n.º 13
0
                            if temp_len == 1:
                                val = ord(data_header_list[record][2][start])
                            elif temp_len == 2:
                                val = socket.ntohs(
                                    struct.unpack(
                                        'H', data_header_list[record][2]
                                        [start:end])[0])
                            elif temp_len == 4:
                                #val = socket.ntohl(struct.unpack('!L', data_data_dict[temp_id][start:end])[0])
                                val = (struct.unpack(
                                    '!L',
                                    data_header_list[record][2][start:end])[0])
                            elif temp_len == 16:
                                val = socket.inet_ntop(
                                    socket.AF_INET6,
                                    data_header_list[record][2][start:end])

                            field_list.append(val)
                            field_dict[field_type_temp] = val

                        _raw_data = data_header_list[record][2]
                        #_packet_type = template_data_dict_encoded[temp_id]
                        data_dict.append(({temp_id: field_dict}, _raw_data))
                        temp_data_dict[temp_id] = field_list

                        #log.debug("temp data_dict : %s", temp_data_dict)
                        #
                        #log.debug("netflow_v9; flowset_id: %s", flowset_id)
                        #log.debug("netflow_v9; template template : %s", template_template_list)
                        #log.debug("netflow_v9; data header lsit: %s", data_header_list)
Exemplo n.º 14
0
 def create_tuple(af, packed):
     address_host = socket.inet_ntop(af, packed)
     return address_tuple(af, (address_host, port))
Exemplo n.º 15
0
 def src_asstring(self):
     return inet_ntop(AF_INET, struct.pack("i", self.header["src"]))
Exemplo n.º 16
0
 def dst_asstring(self):
     return inet_ntop(AF_INET, struct.pack("i", self.header["dst"]))