def test_observer_icmp_unreachable(): try: import plt # libtrace may not be available except: raise nose.SkipTest lturi = "pcap:tests/testdata/icmp_unreachable.pcap" logging.getLogger().setLevel(logging.INFO) o = Observer(lturi, new_flow_chain=[basic_flow, icmp_setup], icmp4_chain=[icmp_unreachable]) q = queue.Queue() t = threading.Thread(target=o.run_flow_enqueuer, args=(q,), daemon=True) t.start() unreachables = [ '172.20.152.190', ] while True: f = q.get() if f == SHUTDOWN_SENTINEL: break print(f) assert f['icmp_unreachable'] == (f['dip'] in unreachables)
def create_observer(self, test_trace, chains): if not test_trace.startswith("/"): test_trace = pkg_resources.resource_filename( "pathspider", "tests/data/" + test_trace) self.lturi = "pcap:" + test_trace self.observer = Observer(self.lturi, chains) self.flowqueue = queue.Queue()
def run_observer(args): logger = logging.getLogger("pathspider") if args.list_chains: print("The following chains are available:\n") for chain in chains: print(chain.__name__.lower()[:-5]) print("\nSpider safely!") sys.exit(0) interface = args.interface if not ":" in args.interface: if interface.endswith(".pcap") or interface.startswith("/"): interface = "pcapfile:" + interface else: interface = "int:" + interface if interface.startswith("int:") and not interface_up(interface[4:]): logger.error("The chosen interface is not up! Cannot continue.") logger.error("Try --help for more information.") sys.exit(1) logger.info("creating observer...") chosen_chains = [] for chosen_chain in args.chains: for chain in chains: if chosen_chain.lower() + "chain" == chain.__name__.lower(): chosen_chains.append(chain) if len(args.chains) > len(chosen_chains): logger.error("Unable to find one or more of the requested chains.") logger.error("Try --list-chains to list the available chains.") observer_shutdown_queue = queue.Queue(QUEUE_SIZE) flowqueue = queue.Queue(QUEUE_SIZE) observer = Observer(interface, chosen_chains) logger.info("starting observer...") threading.Thread(target=observer.run_flow_enqueuer, args=(flowqueue, observer_shutdown_queue)).start() logger.info("opening output file " + args.output) with open(args.output, 'w') as outputfile: logger.info("registering interrupt...") def signal_handler(signal, frame): observer_shutdown_queue.put(True) signal.signal(signal.SIGINT, signal_handler) while True: result = flowqueue.get() if result == SHUTDOWN_SENTINEL: logger.info("output complete") break outputfile.write(json.dumps(result) + "\n") logger.debug("wrote a result")
def create_observer(self): logger = logging.getLogger('tfo') logger.info("Creating observer") # try: return Observer(self.libtrace_uri, new_flow_chain=[basic_flow, tcp_setup, _tfosetup], ip4_chain=[basic_count], ip6_chain=[basic_count], tcp_chain=[tcp_handshake, tcp_complete, _tfopacket])
def create_observer(self): """ Create a flow observer. This function is called by the base Spider logic to get an instance of :class:`pathspider.observer.Observer` configured with the function chains that are requried by the plugin. """ self.__logger.info("Creating observer") if len(self.chains) > 0: from pathspider.observer import Observer return Observer(self.libtrace_uri, chains=self.chains) # pylint: disable=no-member else: from pathspider.observer import DummyObserver return DummyObserver()
def create_observer(self): """ Creates an observer with ECN-related chain functions. """ logger = logging.getLogger('ecn') logger.info("Creating observer") try: return Observer(self.libtrace_uri, new_flow_chain=[basic_flow, tcp_setup, ecn_setup], ip4_chain=[basic_count, ecn_code], ip6_chain=[basic_count, ecn_code], tcp_chain=[tcp_handshake, tcp_complete]) except: logger.error("Observer not cooperating, abandon ship") traceback.print_exc() sys.exit(-1)
def test_observer_shutdown(): try: import plt # libtrace may not be available except: raise nose.SkipTest flowqueue = mp.Queue(QUEUE_SIZE) observer_shutdown_queue = mp.Queue(QUEUE_SIZE) observer = Observer("pcap:tests/testdata/random.pcap") observer_process = mp.Process(args=(flowqueue, observer_shutdown_queue), target=observer.run_flow_enqueuer, name='observer', daemon=True) observer_process.start() observer_shutdown_queue.put(True) assert flowqueue.get(True, timeout=3) == SHUTDOWN_SENTINEL observer_process.join(3) assert not observer_process.is_alive()
def test_observer_tcp(): try: import plt # libtrace may not be available except: raise nose.SkipTest lturi = "pcap:tests/testdata/tcp_http.pcap" logging.getLogger().setLevel(logging.INFO) o = Observer(lturi, new_flow_chain=[basic_flow, tcp_setup], tcp_chain=[tcp_handshake, tcp_complete]) q = queue.Queue() t = threading.Thread(target=o.run_flow_enqueuer, args=(q, ), daemon=True) t.start() flows = [] while True: f = q.get() if f == SHUTDOWN_SENTINEL: break flows.append(f) assert len(flows) == 3 print(flows) dips = [] for flow in flows: if flow['dip'] == "65.208.228.223": assert flow['sp'] == 3372 assert flow['dp'] == 80 assert flow['fwd_syn_flags'] == TCP_SYN assert flow['rev_syn_flags'] == TCP_SYN | TCP_ACK assert flow['tcp_connected'] == True assert flow['fwd_fin'] == True assert flow['rev_fin'] == True assert flow['fwd_rst'] == False assert flow['rev_rst'] == False if flow['dip'] == "216.239.59.99": assert flow['sp'] == 3371 assert flow['dp'] == 80 assert flow['fwd_syn_flags'] == None assert flow['rev_syn_flags'] == None assert flow['tcp_connected'] == False assert flow['fwd_fin'] == False assert flow['rev_fin'] == False assert flow['fwd_rst'] == False assert flow['rev_rst'] == False if flow['dip'] == "145.253.2.203": # This is a UDP flow, it won't be merged as there will not have # been a job record assert flow['sp'] == 3009 assert flow['dp'] == 53 assert flow['fwd_syn_flags'] == None assert flow['rev_syn_flags'] == None assert flow['tcp_connected'] == False assert flow['fwd_fin'] == False assert flow['rev_fin'] == False assert flow['fwd_rst'] == False assert flow['rev_rst'] == False dips.append(flow['dip']) assert "65.208.228.223" in dips assert "216.239.59.99" in dips assert "145.253.2.203" in dips