def verify_short_tuples(self, tuples, high_level_func, proto_num,
af_family):
"""
Similar to verify_full_tuples, but for the IP-only tuple scenario.
"""
for tpl in tuples:
# Using the convenience wrapper:
cft = high_level_func(tpl[0], tpl[1], proto_num)
self.assertEqualID(cft, tpl[2:])
# Using specific protocol number:
cft = communityid.FlowTuple(proto_num, tpl[0], tpl[1])
self.assertEqualID(cft, tpl[2:])
# Using packed NBO, as when grabbing from a packet header:
cft = communityid.FlowTuple(proto_num,
socket.inet_pton(af_family, tpl[0]),
socket.inet_pton(af_family, tpl[1]))
self.assertEqualID(cft, tpl[2:])
# Using a mix, ewww.
cft = communityid.FlowTuple(proto_num, tpl[0],
socket.inet_pton(af_family, tpl[1]))
self.assertEqualID(cft, tpl[2:])
# Using Python 3.3+'s ipaddress types or their 2.x
# backport:
try:
cft = communityid.FlowTuple(
proto_num, communityid.compat.ip_address(tpl[0]),
communityid.compat.ip_address(tpl[1]))
self.assertEqualID(cft, tpl[2:])
except RuntimeError:
pass
def get_table(args, seed=0, use_base64=True):
cid = communityid.CommunityID(seed=seed, use_base64=use_base64)
detail = '(defaults)'
if seed != 0 or not use_base64:
word = 'w/' if use_base64 else 'w/o'
detail = '(seed=%d, %s base64)' % (seed, word)
headers = [
'Proto name', 'Proto number', 'Src address', 'Dst address', 'Src port',
'Dst port',
'Community ID %s' % detail, 'Comment'
]
table = []
for a in args:
tpl = communityid.FlowTuple(a.p, a.saddr, a.daddr, a.sport, a.dport)
table.append([
a.pname, a.p, a.saddr, a.daddr,
v2s(a.sport),
v2s(a.dport),
cid.calc(tpl), a.comment
])
return headers, table
def verify_tuples(self, tuples, high_level_func, proto_num, af_family):
"""
Verifies for each of the provided flow tuples and expected
Community ID strings that the computation produces the
expected result, trying the various supported types for the
flow tuple coordinates.
"""
for tpl in tuples:
# Using the convenience wrapper:
cft = high_level_func(tpl[0], tpl[1], tpl[2], tpl[3])
self.assertEqualID(cft, tpl[4:])
# Using specific protocol number:
cft = communityid.FlowTuple(proto_num, tpl[0], tpl[1], tpl[2], tpl[3])
self.assertEqualID(cft, tpl[4:])
# Using packed NBO, as when grabbing from a packet header:
cft = communityid.FlowTuple(
proto_num,
socket.inet_pton(af_family, tpl[0]),
socket.inet_pton(af_family, tpl[1]),
struct.pack('!H', tpl[2]),
struct.pack('!H', tpl[3]))
self.assertEqualID(cft, tpl[4:])
# Using a mix, ewww.
cft = communityid.FlowTuple(
proto_num,
socket.inet_pton(af_family, tpl[0]),
socket.inet_pton(af_family, tpl[1]),
tpl[2], tpl[3])
self.assertEqualID(cft, tpl[4:])
# Using Python 3.3+'s ipaddress types or their 2.x
# backport:
try:
cft = communityid.FlowTuple(
proto_num,
communityid.compat.ip_address(tpl[0]),
communityid.compat.ip_address(tpl[1]),
tpl[2], tpl[3])
self.assertEqualID(cft, tpl[4:])
except RuntimeError:
pass
def processfile(commid, txtfile):
proto = {'tcp': 6, 'udp': 17}
file1 = open(txtfile, 'r')
Lines = file1.readlines()
for li in Lines:
vals = li.split()
#try :
tpl = communityid.FlowTuple(proto[vals[6]], socket.inet_aton(vals[2]),
socket.inet_aton(vals[4]), int(vals[3]),
int(vals[5]))
cid = commid.calc(tpl)
print(cid, ',', vals[-1])
def test_inputs(self):
# Need protocol
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(None, "1.2.3.4", "5.6.7.8")
# Need both IP addresses
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, "1.2.3.4", None)
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, None, "5.6.7.8")
# Need parseable IP addresses
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, "ohdear.com",
"5.6.7.8")
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, "1.2.3.4",
"ohdear.com")
# Need two valid ports
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, "1.2.3.4",
"5.6.7.8", 23, None)
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, "1.2.3.4",
"5.6.7.8", None, 23)
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, "1.2.3.4",
"5.6.7.8", "23/tcp", 23)
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, "1.2.3.4",
"5.6.7.8", 23, "23/tcp")
# Need ports with port-enabled protocol
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, "1.2.3.4",
"5.6.7.8")
def test_inputs_py3(self):
# Python 3 allows us to distinguish strings and byte sequences,
# and the following test only applies to it.
with self.assertRaises(communityid.FlowTupleError):
tpl = communityid.FlowTuple(communityid.PROTO_TCP, "1.2.3.4",
"5.6.7.8", 23, "80")
def _process_packet(self, tstamp, pktdata):
pkt = self._packet_parse(pktdata)
if not pkt:
#self._print_result(tstamp, pkt, '<not IP>')
return "B"
if IP in pkt:
saddr = pkt[IP].src
daddr = pkt[IP].dst
elif IP6 in pkt:
saddr = pkt[IP6].src
daddr = pkt[IP6].dst
else:
self._print_result(tstamp, pkt, '<not IP (???)>')
return "B"
tpl = None
if TCP in pkt:
tpl = communityid.FlowTuple(dpkt.ip.IP_PROTO_TCP, saddr, daddr,
pkt[TCP].sport, pkt[TCP].dport)
elif UDP in pkt:
tpl = communityid.FlowTuple(dpkt.ip.IP_PROTO_UDP, saddr, daddr,
pkt[UDP].sport, pkt[UDP].dport)
elif SCTP in pkt:
tpl = communityid.FlowTuple(dpkt.ip.IP_PROTO_SCTP, saddr, daddr,
pkt[SCTP].sport, pkt[SCTP].dport)
elif ICMP in pkt:
tpl = communityid.FlowTuple(dpkt.ip.IP_PROTO_ICMP, saddr, daddr,
pkt[ICMP].type, pkt[ICMP].code)
elif ICMP6 in pkt:
tpl = communityid.FlowTuple(dpkt.ip.IP_PROTO_ICMP6, saddr, daddr,
pkt[ICMP6].type, pkt[ICMP6].code)
if tpl is None:
# Fallbacks to other IP protocols:
if IP in pkt:
tpl = communityid.FlowTuple(pkt[IP].p, saddr, daddr)
elif IP6 in pkt:
tpl = communityid.FlowTuple(pkt[IP].nxt, saddr, daddr)
if tpl is None:
self._print_result(tstamp, pkt, '<not IP (???)>')
return "B"
#self._print_result(tstamp, pkt, self._commid.calc(tpl))
#Check Flags,
flags = ph.getFlags(pkt)
#add packet to a flow
cid = self._commid.calc(tpl)
if cid in ActualFlows.keys():
cFlow = ActualFlows[cid]
else:
cFlow = bf.InitFlow(cid, tstamp, tpl, pkt)
bf.FlowUpdate(cFlow, tstamp, tpl, pkt)
ActualFlows[cid] = cFlow
return "G"