def proc_resp_get_neighborlist(self, dat):
"""Callback for message RESPONSE_GET_NEIGHBORLIST
List of neighbor node info (the first one is that of the connecting core) is queued rather than message itself.
This method must not be overridden.
Args:
dat (dict): received message
"""
if KeyType.neighbor_list not in dat:
self.queue.put(None)
return
neighbor_list = dat[KeyType.neighbor_list]
results = []
count = int.from_bytes(neighbor_list[:4], 'big')
for i in range(count):
base = 4 + i * (32 + 4 + 16 + 2 + 1 + 8)
node_id = neighbor_list[base:base + 32]
ipv4 = socket.inet_ntop(socket.AF_INET,
neighbor_list[base + 32:base + 36])
ipv6 = socket.inet_ntop(socket.AF_INET6,
neighbor_list[base + 36:base + 52])
port = socket.ntohs(
int.from_bytes(neighbor_list[base + 52:base + 54], 'big'))
domain0 = True if neighbor_list[base + 54] == 0x01 else False
updated_at = neighbor_list[base + 55:base + 63]
results.append([node_id, ipv4, ipv6, port, domain0])
self.queue.put(results)
def proc_resp_get_neighborlist(self, dat):
"""
Return node info
:param dat:
:return: list of node info (the first one is that of the connecting core)
"""
if KeyType.neighbor_list not in dat:
self.queue.put(None)
return
neighbor_list = dat[KeyType.neighbor_list]
results = []
count = int.from_bytes(neighbor_list[:4], 'big')
for i in range(count):
base = 4 + i * (32 + 4 + 16 + 2 + 1 + 8)
node_id = neighbor_list[base:base + 32]
ipv4 = socket.inet_ntop(socket.AF_INET,
neighbor_list[base + 32:base + 36])
ipv6 = socket.inet_ntop(socket.AF_INET6,
neighbor_list[base + 36:base + 52])
port = socket.ntohs(
int.from_bytes(neighbor_list[base + 52:base + 54], 'big'))
domain0 = True if neighbor_list[base + 54] == 0x01 else False
updated_at = neighbor_list[base + 55:base + 63]
results.append([node_id, ipv4, ipv6, port, domain0])
self.queue.put(results)
def unpack_addr(addrtype, buf, offset):
if addrtype == IP_V4:
addr = socket.inet_ntop(socket.AF_INET, buf[offset:(offset+4)])
nxt = offset+4
elif addrtype == IP_V6:
addr = socket.inet_ntop(socket.AF_INET6, buf[offset:(offset+16)])
nxt = offset+16
elif addrtype == DOMAIN_NAME:
length = struct.unpack('B', buf[offset])[0]
addr = buf[(offset+1):(offset+1+length)]
nxt = offset+1+length
else:
raise dpkt.UnpackError("Unknown address type %s" % addrtype.encode('hex'))
return addr, nxt
def unpack_addr(addrtype, buf, offset):
if addrtype == IP_V4:
addr = socket.inet_ntop(socket.AF_INET, buf[offset:(offset + 4)])
nxt = offset + 4
elif addrtype == IP_V6:
addr = socket.inet_ntop(socket.AF_INET6, buf[offset:(offset + 16)])
nxt = offset + 16
elif addrtype == DOMAIN_NAME:
length = struct.unpack('B', buf[offset])[0]
addr = buf[(offset + 1):(offset + 1 + length)]
nxt = offset + 1 + length
else:
raise dpkt.UnpackError("Unknown address type %s" %
addrtype.encode('hex'))
return addr, nxt
def __get_pp_ip(self, addr_family, ip_string, which):
try:
packed = socket.inet_pton(addr_family, ip_string.decode("ascii"))
return socket.inet_ntop(addr_family, packed)
except (UnicodeDecodeError, socket.error):
msg = "Invalid proxy protocol {0} IP format".format(which)
raise AssertionError(msg)
def __get_pp_ip(self, addr_family, ip_string, which):
try:
packed = socket.inet_pton(addr_family, ip_string.decode('ascii'))
return socket.inet_ntop(addr_family, packed)
except (UnicodeDecodeError, socket.error):
msg = 'Invalid proxy protocol {0} IP format'.format(which)
raise AssertionError(msg)
def socks5Handle(self):
# 鉴定
(nmethods,) = self.sock.unpack('B')
if nmethods > 0:
(methods,) = self.sock.unpack('B' * nmethods)
# TODO: 未检查客户端支持的鉴定方式
self.sock.pack('BB', 0x05, 0x00)
logging.debug(u'[Socks5Handler]client login')
# 接收代理请求
ver, cmd, rsv, atyp = self.sock.unpack('BBBB')
if ver != 0x05 or cmd != 0x01:
logging.warn(u'[Socks5Handler]收到未知类型的请求,关闭连接。 ver=%s ,cmd=%s' % (ver, cmd))
self.sock.pack('BBBBIH', 0x05, 0x07, 0x00, 0x01, 0, 0)
self.sock.close()
return
if atyp == 0x01:
# ipv4
host, port = self.sock.unpack('!IH')
hostname = _socket.inet_ntoa(struct.pack('!I', host))
elif atyp == 0x03:
# 域名
length = self.sock.unpack('B')[0]
hostname, port = self.sock.unpack("!%dsH" % length)
elif atyp == 0x04:
# ipv6
ipv61, ipv62, port = self.sock.unpack('!2QH')
hostname = _socket.inet_ntop(_socket.AF_INET6, struct.pack('!2Q', ipv61, ipv62))
else:
logging.warn(u'[SClient]收到未知的目的地址类型,关闭连接。 atyp=%s ' % (atyp))
self.sock.pack('!BBBBIH', 0x05, 0x07, 0x00, 0x01, 0, 0)
self.sock.close()
return
logging.debug(u'[SClient] host:%s prot:%s' % (hostname, port))
# 对外发起请求
try:
remote_sock = self.server.upstream.create_connection((hostname,port),)
except:
logging.exception(u'所有线路连接 tcp host:%s port:%s 失败。'%(hostname,port))
# TODO: 按照socks5协议,这里应该返回服务器绑定的地址及端口
# http://blog.csdn.net/testcs_dn/article/details/7915505
self.sock.pack('!BBBBIH', 0x05, 0x03, 0x00, 0x01, 0, 0)
self.sock.close()
return
if hasattr(remote_sock,'display_name'):
remote_sock_display_name = remote_sock.display_name
else:
remote_sock_display_name = str(remote_sock)
logging.info(u'连接 tcp目标 host:%s port:%s 通过 %s 建立成功。'%(hostname,port,remote_sock_display_name))
# TODO: 按照socks5协议,这里应该返回服务器绑定的地址及端口
# http://blog.csdn.net/testcs_dn/article/details/7915505
self.sock.pack('!BBBBIH', 0x05, 0x00, 0x00, 0x01, 0, 0)
self.forward(self.sock,remote_sock,5*60)
def __parse_pp_addresses(cls, family, addr_data):
if family == socket.AF_INET:
src_ip, dst_ip, src_port, dst_port = \
struct.unpack('<4s4sHH', addr_data)
src_addr = (socket.inet_ntop(family, src_ip), src_port)
dst_addr = (socket.inet_ntop(family, dst_ip), dst_port)
return src_addr, dst_addr
elif family == socket.AF_INET6:
src_ip, dst_ip, src_port, dst_port = \
struct.unpack('<16s16sHH', addr_data)
src_addr = (socket.inet_ntop(family, src_ip), src_port)
dst_addr = (socket.inet_ntop(family, dst_ip), dst_port)
return src_addr, dst_addr
elif family == socket.AF_UNIX:
src_addr, dst_addr = struct.unpack('<108s108s', addr_data)
return src_addr.rstrip(b'\x00'), dst_addr.rstrip(b'\x00')
else:
return unknown_pp_source_address, unknown_pp_dest_address
def __parse_pp_addresses(cls, family, addr_data):
if family == socket.AF_INET:
src_ip, dst_ip, src_port, dst_port = \
struct.unpack('!4s4sHH', addr_data)
src_addr = (socket.inet_ntop(family, src_ip), src_port)
dst_addr = (socket.inet_ntop(family, dst_ip), dst_port)
return src_addr, dst_addr
elif family == socket.AF_INET6:
src_ip, dst_ip, src_port, dst_port = \
struct.unpack('!16s16sHH', addr_data)
src_addr = (socket.inet_ntop(family, src_ip), src_port)
dst_addr = (socket.inet_ntop(family, dst_ip), dst_port)
return src_addr, dst_addr
elif family == socket.AF_UNIX:
src_addr, dst_addr = struct.unpack('!108s108s', addr_data)
return src_addr.rstrip(b'\x00'), dst_addr.rstrip(b'\x00')
else:
return unknown_pp_source_address, unknown_pp_dest_address
def parse_template_data(version, ip):
TEMPLATE = TEMPLATE_CACHE
DATA = DATA_CACHE
if version == 10:
TEMPLATE = IPFIX_TEMPLATE_CACHE
DATA = IPFIX_DATA_CACHE
template_info = TEMPLATE.get(ip)
data_info = DATA.get(ip)
#log.debug("temlate : %s and data: %s", template_info, data_info)
if not template_info:
log.info("No any template flowset found till date.")
elif not data_info:
log.info("No any data flowset found till date.")
else:
data_dict = []
for template_id, temp_fields in template_info.iteritems():
field_cnt = len(temp_fields)
data_record_list = data_info.get(template_id)
if not data_record_list:
log.info("Corresponding data for template_id:%s not found.",
template_id)
continue
for record in data_record_list:
record_len, single_data = record
field_dict = {} #dict of field values
i = 0
for field in xrange(field_cnt):
field_type_temp, temp_len = temp_fields[field]
start = i
end = start + temp_len
i = i + temp_len
if temp_len == 1:
val = ord(single_data[start])
elif temp_len == 2:
val = socket.ntohs(
struct.unpack('H', single_data[start:end])[0])
elif temp_len == 4:
val = socket.ntohl(
struct.unpack('I', single_data[start:end])[0])
elif temp_len == 16:
val = socket.inet_ntop(socket.AF_INET6,
single_data[start:end])
field_dict[field_type_temp] = val
_raw_data = single_data
data_dict.append(({template_id: field_dict}, _raw_data))
#log.debug("netflow_v9; data dict: %s", data_dict)
#log.debug("netflow_v9; length data dict: %s", len(data_dict))
if template_id in data_info:
del DATA[ip][template_id]
#log.debug("second : %s", DATA)
return data_dict
def get_data128_addr(raw_data):
global data
data = raw_data
skip_bytes(data, 16)
#return socket.ntohl(struct.unpack('!L',raw_data[12:16])[0])
return socket.inet_ntop(socket.AF_INET6, raw_data[0:16])
def get_data128_addr(self):
raw_data = self.data
self.skip_bytes(16)
#return socket.ntohl(struct.unpack('!L',raw_data[12:16])[0])
return socket.inet_ntop(socket.AF_INET6, raw_data[0:16])
if temp_len == 1:
val = ord(data_header_list[record][2][start])
elif temp_len == 2:
val = socket.ntohs(
struct.unpack(
'H', data_header_list[record][2]
[start:end])[0])
elif temp_len == 4:
#val = socket.ntohl(struct.unpack('!L', data_data_dict[temp_id][start:end])[0])
val = (struct.unpack(
'!L',
data_header_list[record][2][start:end])[0])
elif temp_len == 16:
val = socket.inet_ntop(
socket.AF_INET6,
data_header_list[record][2][start:end])
field_list.append(val)
field_dict[field_type_temp] = val
_raw_data = data_header_list[record][2]
#_packet_type = template_data_dict_encoded[temp_id]
data_dict.append(({temp_id: field_dict}, _raw_data))
temp_data_dict[temp_id] = field_list
#log.debug("temp data_dict : %s", temp_data_dict)
#
#log.debug("netflow_v9; flowset_id: %s", flowset_id)
#log.debug("netflow_v9; template template : %s", template_template_list)
#log.debug("netflow_v9; data header lsit: %s", data_header_list)
def create_tuple(af, packed):
address_host = socket.inet_ntop(af, packed)
return address_tuple(af, (address_host, port))
def src_asstring(self):
return inet_ntop(AF_INET, struct.pack("i", self.header["src"]))
def dst_asstring(self):
return inet_ntop(AF_INET, struct.pack("i", self.header["dst"]))
