vrr/nfstream
2
0
Fork 0
mirror of https://github.com/nfstream/nfstream.git synced 2026-05-19 16:28:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix idle scanner on live capture.

Browse source
This commit is contained in:
aouinizied 2020-05-06 19:38:54 +02:00
parent 540376a5b6
commit a2a2f1f7be
3 changed files with 16 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

19
nfstream/observer.py
View file

@ -44,7 +44,8 @@ typedef struct nf_packet {
"""
cc_observer_apis = """
pcap_t *observer_open(const uint8_t * pcap_file, unsigned snaplen, int promisc, int to_ms, char *errbuf, int mode);
pcap_t *observer_open(const uint8_t * pcap_file, unsigned snaplen, int promisc, int to_ms, char *errbuf,
char *errbuf_set, int mode);
int observer_configure(pcap_t * pcap_handle, char * bpf_filter);
int observer_next(pcap_t * pcap_handle, struct nf_packet *nf_pkt, int nroots, int decode_tunnels);
void observer_close(pcap_t *);
@ -137,10 +138,13 @@ class NFObserver:
if self.mode in [0, 1]:
error_buffer = self._ffi.new("char []", 128)
error_buffer_setter = self._ffi.new("char []", 128)
handler = self._lib.observer_open(bytes(source, 'utf-8'), snaplen, int(promisc), to_ms,
error_buffer, self.mode)
error_buffer, error_buffer_setter, self.mode)
if handler == self._ffi.NULL:
raise OSError(self._ffi.string(error_buffer).decode('ascii', 'ignore'))
raise OSError(self._ffi.string(error_buffer).decode('ascii', 'ignore') + "\n" +
self._ffi.string(error_buffer_setter).decode('ascii', 'ignore'))
else:
# Once we have a valid handler, we move to BPF filtering configuration.
if isinstance(bpf_filter, str):
@ -162,14 +166,14 @@ class NFObserver:
rv = self._lib.observer_next(self.cap, nf_packet, self.nroots, self.decode_tunnels)
return rv, nf_packet
def build_nf_packet(self, pkt):
def build_nf_packet(self, time, pkt):
if self.account_ip_padding_size:
rs_ip_size = pkt.ip_size
else:
rs_ip_size = pkt.ip_size_from_header
src_ip = self._ffi.string(pkt.src_name).decode('utf-8', errors='ignore')
dst_ip = self._ffi.string(pkt.dst_name).decode('utf-8', errors='ignore')
return NFPacket(time=pkt.time,
return NFPacket(time=time,
raw_size=pkt.raw_size,
ip_size=rs_ip_size,
transport_size=pkt.transport_size,
@ -202,9 +206,10 @@ class NFObserver:
if pkt.consumable == 1:
if pkt.time >= self.safety_time:
self.safety_time = pkt.time
tm = pkt.time
else:
pkt.time = self.safety_time
yield self.build_nf_packet(pkt)
tm = self.safety_time
yield self.build_nf_packet(tm, pkt)
else:
yield None
except KeyboardInterrupt:

5
nfstream/observer_cc.c
View file

@ -1065,16 +1065,15 @@ int process_packet(pcap_t * pcap_handle, const struct pcap_pkthdr *header, const
/**
* observer_open: Open a pcap file or a specified device.
*/
pcap_t * observer_open(const u_char * pcap_file, u_int snaplen, int promisc, int to_ms, char *errbuf, int mode) {
pcap_t * observer_open(const u_char * pcap_file, u_int snaplen, int promisc, int to_ms, char *errbuf, char *errbuf_set, int mode) {
pcap_t * pcap_handle = NULL;
int status = 0;
if (mode == 0) {
pcap_handle = pcap_open_offline((char*)pcap_file, errbuf);
}
if (mode == 1) {
pcap_handle = pcap_open_live((char*)pcap_file, snaplen, promisc, to_ms, errbuf);
status = pcap_setnonblock(pcap_handle, 1, errbuf);
if (pcap_handle != NULL) status = pcap_setnonblock(pcap_handle, 1, errbuf_set);
}
if (status == 0) {
return pcap_handle;

4
tests.py
View file

@ -98,7 +98,7 @@ class TestMethods(unittest.TestCase):
def test_flow_metadata_extraction(self):
print("\n----------------------------------------------------------------------")
streamer_test = NFStreamer(source='tests/pcap/facebook.pcap')
streamer_test = NFStreamer(source='tests/pcap/facebook.pcap', bpf_filter="src port 52066 or dst port 52066")
flows = []
for flow in streamer_test:
flows.append(flow)
@ -379,7 +379,7 @@ messenger.com')
def test_to_pandas(self):
print("\n----------------------------------------------------------------------")
df = NFStreamer(source='tests/pcap/facebook.pcap', statistics=True,
bpf_filter="src port 52066 or dst port 52066").to_pandas()
bpf_filter="src port 52066 or dst port 52066").to_pandas()
self.assertEqual(df["src_port"][0], 52066)
self.assertEqual(df.shape[0], 1)
self.assertEqual(df.shape[1], 95)