def run(self):
if not self.options['modinfo'] and not self.options['modtree']: #No point in doing surgery if it's modinfo or modtree
# Figure out where we're reading packets from
if not self.options['interface']:
if not self.options['filename']:
if not self.options['filelist']:
self.send_finished_msg({'status':'error','errors': 'No input Specified'}, True)
return
else:
self.surgeon = Surgeon(self.options['filelist'])
self.options['filename'] = self.surgeon.create_fifo()
self.surgeon.operate()
else:
if not os.path.exists(self.options['filename']):
self.send_finished_msg({'status':'error','errors':"Unable to find file '%s'" % self.options['filename']}, True)
return
if self.options['aslist']:
#input file is a listing of files to process
self.surgeon = Surgeon([self.options['filename']], self.options['longrun'])
self.options['filename'] = self.surgeon.create_fifo()
#TODO operate right away or later?
self.surgeon.operate(True)
#Send options to Process 2 and tell it to setup
self.kill_lock.acquire()
try:
self.tonids.put(['init', self.options])
except AttributeError:
#usually means tonids is None
#possibly being killed?
pass
except Exception, e:
raise ChopLibException(e)
def run(self):
if not self.options['modinfo'] and not self.options['modtree']: #No point in doing surgery if it's modinfo or modtree
# Figure out where we're reading packets from
if not self.options['interface']:
if not self.options['filename']:
if not self.options['filelist']:
self.send_finished_msg({'status':'error','errors': 'No input Specified'}, True)
return
else:
self.surgeon = Surgeon(self.options['filelist'])
self.options['filename'] = self.surgeon.create_fifo()
self.surgeon.operate()
else:
if not os.path.exists(self.options['filename']):
self.send_finished_msg({'status':'error','errors':"Unable to find file '%s'" % self.options['filename']}, True)
return
if self.options['aslist']:
#input file is a listing of files to process
self.surgeon = Surgeon([self.options['filename']], self.options['longrun'])
self.options['filename'] = self.surgeon.create_fifo()
#TODO operate right away or later?
self.surgeon.operate(True)
#Send options to Process 2 and tell it to setup
self.kill_lock.acquire()
try:
self.tonids.put(['init', self.options])
except AttributeError:
#usually means tonids is None
#possibly being killed?
pass
except Exception, e:
raise ChopLibException(e)
class ChopLib(Thread):
daemon = True
def __init__(self):
Thread.__init__(self, name='ChopLib')
global DEFAULT_MODULE_DIRECTORY
global DEFAULT_EXTLIB_DIRECTORY
pyversion = sys.version_info
pyversion = float(str(pyversion[0]) + "." + str(pyversion[1]))
if pyversion < 2.6:
raise ChopLibException("Minimum Python Version 2.6 Required")
global Queue
global Process
from multiprocessing import Process, Queue
from Queue import Empty
Queue.Empty = Empty #I'd prefer to keep this scoped to Queue
self.options = {
'mod_dir': [DEFAULT_MODULE_DIRECTORY],
'ext_dir': [DEFAULT_EXTLIB_DIRECTORY],
'base_dir': None,
'filename': '',
'filelist': None,
'bpf': None,
'aslist': False,
'longrun': False,
'interface': '',
'modinfo': False,
'modtree': False,
'GMT': False,
'savefiles': False, #Should ChopShop handle the saving of files?
'text': False,
'pyobjout': False,
'jsonout': False,
'modules': ''
}
self.stopped = False
#Setup Interaction Queues
self.tocaller = Queue() #output directly to caller
self.fromnids = Queue() #input queue from nids process
self.tonids = Queue() #output queue to nids process
#Start up Process 2 (Nids Process)
self.nidsp = Process(target=self.__nids_core_runner_,
args=(self.tonids, self.fromnids, self.tocaller))
self.nidsp.daemon = True
self.nidsp.start()
self.chop = None
self.surgeon = None
self.kill_lock = Lock()
@property
def mod_dir(self):
"""Directory to load modules from."""
return self.options['mod_dir']
@mod_dir.setter
def mod_dir(self, v):
if isinstance(v, str):
self.options['mod_dir'] = [v]
else:
self.options['mod_dir'] = v
@property
def ext_dir(self):
"""Directory to load external libraries from."""
return self.options['ext_dir']
@ext_dir.setter
def ext_dir(self, v):
if isinstance(v, str):
self.options['ext_dir'] = [v]
else:
self.options['ext_dir'] = v
@property
def base_dir(self):
"""Base directory to load modules and external libraries."""
return self.options['base_dir']
@base_dir.setter
def base_dir(self, v):
if isinstance(v, str):
self.options['base_dir'] = [v]
else:
self.options['base_dir'] = v
@property
def filename(self):
"""input pcap file."""
return self.options['filename']
@filename.setter
def filename(self, v):
self.options['filename'] = v
@property
def filelist(self):
"""list of files to process"""
return self.options['filelist']
@filelist.setter
def filelist(self, v):
self.options['filelist'] = v
@property
def aslist(self):
"""Treat filename as a file containing a list of files."""
return self.options['aslist']
@aslist.setter
def aslist(self, v):
self.options['aslist'] = v
@property
def longrun(self):
"""Read from filename forever even if there's no more pcap data."""
return self.options['longrun']
@longrun.setter
def longrun(self, v):
self.options['longrun'] = v
@property
def interface(self):
"""interface to listen on."""
return self.options['interface']
@interface.setter
def interface(self, v):
self.options['interface'] = v
@property
def modinfo(self):
"""print information about module(s) and exit."""
return self.options['modinfo']
@modinfo.setter
def modinfo(self, v):
self.options['modinfo'] = v
@property
def modtree(self):
"""print information about module tree and exit."""
return self.options['modtree']
@modtree.setter
def modtree(self, v):
self.options['modtree'] = v
@property
def GMT(self):
"""timestamps in GMT (tsprnt and tsprettyprnt only)."""
return self.options['GMT']
@GMT.setter
def GMT(self, v):
self.options['GMT'] = v
@property
def savefiles(self):
"""Handle the saving of files. """
return self.options['savefiles']
@savefiles.setter
def savefiles(self, v):
self.options['savefiles'] = v
@property
def text(self):
"""Handle text/printable output. """
return self.options['text']
@text.setter
def text(self, v):
self.options['text'] = v
@property
def pyobjout(self):
"""Handle raw python objects"""
return self.options['pyobjout']
@pyobjout.setter
def pyobjout(self, v):
self.options['pyobjout'] = v
@property
def jsonout(self):
"""Handle JSON Data (chop.json)."""
return self.options['jsonout']
@jsonout.setter
def jsonout(self, v):
self.options['jsonout'] = v
@property
def modules(self):
"""String of Modules to execute"""
return self.options['modules']
@modules.setter
def modules(self, v):
self.options['modules'] = v
@property
def bpf(self):
"""BPF string to pass to Nids"""
return self.options['bpf']
@bpf.setter
def bpf(self, v):
self.options['bpf'] = v
def get_message_queue(self):
return self.tocaller
def get_stop_fn(self):
return self.stop
def version(self):
global VERSION
return VERSION
def abort(self):
self.tonids.put(['abort'])
self.surgeon.abort()
def stop(self):
self.stopped = True
if self.surgeon:
self.surgeon.stop()
def setup_local_chop(self, name="ChopShop", pid=-1):
#This allows Process 1 to access Chops, note that it has
#a hardcoded id of -1 since otherwise it might overlap
#with the other chops, only use a custom id if you know
#what you're doing
chophelper = ChopHelper(self.tocaller, self.options)
self.chop = chophelper.setup_module(name, pid)
def send_finished_msg(self, data={}, stop_seq=False):
message = {
'type': 'ctrl',
'data': {
'msg': 'finished',
'status': 'ok' #default to ok
}
}
for key, val in data.iteritems():
message['data'][key] = val
self.kill_lock.acquire()
try:
self.tocaller.put(message)
if stop_seq:
self.tonids.put(['stop'])
self.nidsp.join()
except AttributeError:
pass
finally:
self.kill_lock.release()
def run(self):
if not self.options['modinfo'] and not self.options[
'modtree']: #No point in doing surgery if it's modinfo or modtree
# Figure out where we're reading packets from
if not self.options['interface']:
if not self.options['filename']:
if not self.options['filelist']:
self.send_finished_msg(
{
'status': 'error',
'errors': 'No input Specified'
}, True)
return
else:
self.surgeon = Surgeon(self.options['filelist'])
self.options['filename'] = self.surgeon.create_fifo()
self.surgeon.operate()
else:
if not os.path.exists(self.options['filename']):
self.send_finished_msg(
{
'status':
'error',
'errors':
"Unable to find file '%s'" %
self.options['filename']
}, True)
return
if self.options['aslist']:
#input file is a listing of files to process
self.surgeon = Surgeon([self.options['filename']],
self.options['longrun'])
self.options['filename'] = self.surgeon.create_fifo()
#TODO operate right away or later?
self.surgeon.operate(True)
#Send options to Process 2 and tell it to setup
self.kill_lock.acquire()
try:
self.tonids.put(['init', self.options])
except AttributeError:
#usually means tonids is None
#possibly being killed?
pass
except Exception, e:
raise ChopLibException(e)
finally:
def run(self):
surgeon = None
if not self.options['modinfo']: #No point in doing surgery if it's modinfo
# Figure out where we're reading packets from
if not self.options['interface']:
if not self.options['filename']:
if not self.options['filelist']:
self.send_finished_msg({'status':'error','errors': 'No input Specified'}, True)
return
else:
surgeon = Surgeon(self.options['filelist'])
self.options['filename'] = surgeon.create_fifo()
surgeon.operate()
else:
if not os.path.exists(self.options['filename']):
self.send_finished_msg({'status':'error','errors':"Unable to find file '%s'" % self.options['filename']}, True)
return
if self.options['aslist']:
#input file is a listing of files to process
surgeon = Surgeon([self.options['filename']], self.options['longrun'])
self.options['filename'] = surgeon.create_fifo()
#TODO operate right away or later?
surgeon.operate(True)
#Send options to Process 2 and tell it to setup
self.tonids.put(['init', self.options])
#Wait for a reponse
resp = self.fromnids.get()
if resp != 'ok':
self.send_finished_msg({'status':'error','errors':resp}, True)
return
if self.options['modinfo']:
self.tonids.put(['mod_info'])
resp = self.fromnids.get() #really just to make sure the functions finish
#Process 2 will quit after doing its job
#Inform caller that the process is done
self.send_finished_msg()
#Surgeon should not be invoked so only need
#to cleanup nidsp
self.nidsp.join()
return
else:
self.tonids.put(['cont'])
#Processing loop
while True:
try:
data = self.fromnids.get(True, .1)
except Queue.Empty, e:
if not self.nidsp.is_alive():
break
if self.stopped:
self.nidsp.terminate()
continue
if data[0] == "stop":
#Send the message to caller that we need to stop
message = { 'type' : 'ctrl',
'data' : {'msg' : 'stop'}
}
self.tocaller.put(message)
self.nidsp.join(1)
#Force Terminate if nids process is non-compliant
if self.nidsp.is_alive():
self.nidsp.terminate()
break
time.sleep(.1)
class ChopLib(Thread):
daemon = True
def __init__(self):
Thread.__init__(self, name = 'ChopLib')
global DEFAULT_MODULE_DIRECTORY
global DEFAULT_EXTLIB_DIRECTORY
pyversion = sys.version_info
pyversion = float(str(pyversion[0]) + "." + str(pyversion[1]))
if pyversion < 2.6:
raise ChopLibException("Minimum Python Version 2.6 Required")
global Queue
global Process
from multiprocessing import Process, Queue
from Queue import Empty
Queue.Empty = Empty #I'd prefer to keep this scoped to Queue
self.options = { 'mod_dir': [DEFAULT_MODULE_DIRECTORY],
'ext_dir': [DEFAULT_EXTLIB_DIRECTORY],
'base_dir': None,
'filename': '',
'filelist': None,
'bpf': None,
'aslist': False,
'longrun': False,
'interface': '',
'modinfo': False,
'modtree': False,
'GMT': False,
'savefiles': False, #Should ChopShop handle the saving of files?
'text': False,
'pyobjout': False,
'jsonout': False,
'modules': ''
}
self.stopped = False
#Setup Interaction Queues
self.tocaller = Queue() #output directly to caller
self.fromnids = Queue() #input queue from nids process
self.tonids = Queue() #output queue to nids process
#Start up Process 2 (Nids Process)
self.nidsp = Process(target=self.__nids_core_runner_, args=(self.tonids, self.fromnids, self.tocaller))
self.nidsp.daemon = True
self.nidsp.start()
self.chop = None
self.surgeon = None
self.kill_lock = Lock()
@property
def mod_dir(self):
"""Directory to load modules from."""
return self.options['mod_dir']
@mod_dir.setter
def mod_dir(self, v):
if isinstance(v, basestring):
self.options['mod_dir'] = [v]
else:
self.options['mod_dir'] = v
@property
def ext_dir(self):
"""Directory to load external libraries from."""
return self.options['ext_dir']
@ext_dir.setter
def ext_dir(self, v):
if isinstance(v, basestring):
self.options['ext_dir'] = [v]
else:
self.options['ext_dir'] = v
@property
def base_dir(self):
"""Base directory to load modules and external libraries."""
return self.options['base_dir']
@base_dir.setter
def base_dir(self, v):
if isinstance(v, basestring):
self.options['base_dir'] = [v]
else:
self.options['base_dir'] = v
@property
def filename(self):
"""input pcap file."""
return self.options['filename']
@filename.setter
def filename(self, v):
self.options['filename'] = v
@property
def filelist(self):
"""list of files to process"""
return self.options['filelist']
@filelist.setter
def filelist(self, v):
self.options['filelist'] = v
@property
def aslist(self):
"""Treat filename as a file containing a list of files."""
return self.options['aslist']
@aslist.setter
def aslist(self, v):
self.options['aslist'] = v
@property
def longrun(self):
"""Read from filename forever even if there's no more pcap data."""
return self.options['longrun']
@longrun.setter
def longrun(self, v):
self.options['longrun'] = v
@property
def interface(self):
"""interface to listen on."""
return self.options['interface']
@interface.setter
def interface(self, v):
self.options['interface'] = v
@property
def modinfo(self):
"""print information about module(s) and exit."""
return self.options['modinfo']
@modinfo.setter
def modinfo(self, v):
self.options['modinfo'] = v
@property
def modtree(self):
"""print information about module tree and exit."""
return self.options['modtree']
@modtree.setter
def modtree(self, v):
self.options['modtree'] = v
@property
def GMT(self):
"""timestamps in GMT (tsprnt and tsprettyprnt only)."""
return self.options['GMT']
@GMT.setter
def GMT(self, v):
self.options['GMT'] = v
@property
def savefiles(self):
"""Handle the saving of files. """
return self.options['savefiles']
@savefiles.setter
def savefiles(self, v):
self.options['savefiles'] = v
@property
def text(self):
"""Handle text/printable output. """
return self.options['text']
@text.setter
def text(self, v):
self.options['text'] = v
@property
def pyobjout(self):
"""Handle raw python objects"""
return self.options['pyobjout']
@pyobjout.setter
def pyobjout(self, v):
self.options['pyobjout'] = v
@property
def jsonout(self):
"""Handle JSON Data (chop.json)."""
return self.options['jsonout']
@jsonout.setter
def jsonout(self, v):
self.options['jsonout'] = v
@property
def modules(self):
"""String of Modules to execute"""
return self.options['modules']
@modules.setter
def modules(self, v):
self.options['modules'] = v
@property
def bpf(self):
"""BPF string to pass to Nids"""
return self.options['bpf']
@bpf.setter
def bpf(self, v):
self.options['bpf'] = v
def get_message_queue(self):
return self.tocaller
def get_stop_fn(self):
return self.stop
def version(self):
global VERSION
return VERSION
def abort(self):
self.tonids.put(['abort'])
self.surgeon.abort()
def stop(self):
self.stopped = True
if self.surgeon:
self.surgeon.stop()
def setup_local_chop(self, name = "ChopShop", pid = -1):
#This allows Process 1 to access Chops, note that it has
#a hardcoded id of -1 since otherwise it might overlap
#with the other chops, only use a custom id if you know
#what you're doing
chophelper = ChopHelper(self.tocaller, self.options)
self.chop = chophelper.setup_module(name, pid)
def send_finished_msg(self, data = {}, stop_seq = False):
message = { 'type' : 'ctrl',
'data' : {'msg' : 'finished',
'status': 'ok' #default to ok
}
}
for key,val in data.iteritems():
message['data'][key] = val
self.kill_lock.acquire()
try:
self.tocaller.put(message)
if stop_seq:
self.tonids.put(['stop'])
self.nidsp.join()
except AttributeError:
pass
finally:
self.kill_lock.release()
def run(self):
if not self.options['modinfo'] and not self.options['modtree']: #No point in doing surgery if it's modinfo or modtree
# Figure out where we're reading packets from
if not self.options['interface']:
if not self.options['filename']:
if not self.options['filelist']:
self.send_finished_msg({'status':'error','errors': 'No input Specified'}, True)
return
else:
self.surgeon = Surgeon(self.options['filelist'])
self.options['filename'] = self.surgeon.create_fifo()
self.surgeon.operate()
else:
if not os.path.exists(self.options['filename']):
self.send_finished_msg({'status':'error','errors':"Unable to find file '%s'" % self.options['filename']}, True)
return
if self.options['aslist']:
#input file is a listing of files to process
self.surgeon = Surgeon([self.options['filename']], self.options['longrun'])
self.options['filename'] = self.surgeon.create_fifo()
#TODO operate right away or later?
self.surgeon.operate(True)
#Send options to Process 2 and tell it to setup
self.kill_lock.acquire()
try:
self.tonids.put(['init', self.options])
except AttributeError:
#usually means tonids is None
#possibly being killed?
pass
except Exception, e:
raise ChopLibException(e)
finally:
