Changeset 72 for trunk/tool/renetcolGUI.py

Timestamp:

05/28/08 14:43:34 (15 years ago)

Author:

andreu

Message:

multi-filters and two parameters from CLI

Files:

• trunk/tool/renetcolGUI.py (modified) (8 diffs)

trunk/tool/renetcolGUI.py

@@ -34 +34 @@
 os.environ['PATH'] += ";%s/lib;%s/bin" % (gtkdir, gtkdir)
 
-import operator
 import threading
 import string
@@ -44 +43 @@
 import pango
 import commands
+from optparse import OptionParser
 
 ########### DEFAULT VALUES, YOU MUST CHANGE IT ###############################
@@ -633 +633 @@
             coll_vbox.set_border_width(1)
             coll_window.add(coll_vbox)
-            coll_frame = gtk.Frame("The prefix/IP address/router, validate by enter")
+            coll_frame = gtk.Frame("Enter your filter (format described in tip), validate by enter")
             coll_vbox.pack_start(coll_frame, False, False, 5)
             coll_hbox = gtk.VBox(False, 0)
             coll_hbox.set_border_width(5)
             coll_frame.add(coll_hbox)
-            button = gtk.CheckButton(" router ")
-            button.connect("toggled", callback_check_rule, None)
-            coll_hbox.pack_start(button, False, False, 0)
-            mainTT.set_tip(button, "Check it to capture all flows from one router and enter the IPv4 address of this router. IN TEST")
-            button.show()
+##            button = gtk.CheckButton(" router ")
+##            button.connect("toggled", callback_check_rule, None)
+##            coll_hbox.pack_start(button, False, False, 0)
+##            mainTT.set_tip(button, "Check it to capture all flows from one router and enter the IPv4 address of this router. IN TEST")
+##            button.show()
             coll_pbbox = gtk.HButtonBox()
             coll_hbox.pack_start(coll_pbbox, False, True, 5)
-            prefix_entry(45, "Required Format : \n <field> <operation> <address>\nlike 8 = 10.0.0.1 \nor 8 = 10.0.1.0/24 \nor 27 = 2001::1 \nor 27 = 2001::/64 (IPv6 address only on Linux system)\nonly '=' operator for the moment\n------------------------------\nIn this version 0.0.7, you can compare the following fields:\nROUTER_SRC_ADDR: 0\nIN_BYTES: 1\nL4_PROT: 4\nL4_SRC_PORT: 7\nIPV4_SRC_ADDR: 8\nINPUT_SNMP: 10\nL4_DST_PORT: 11\nIPV4_DST_ADDR: 12\nOUTPUT_SNMP: 14\nIPV4_NEXT_HOP: 15\nSRC_AS: 16\nDST_AS: 17\nBGP_IPV4_NEXT_HOP: 18\nIPV6_SRC_ADDR: 27\nIPV6_DST_ADDR: 28\nIPV6_NEXT_HOP: 62\nBPG_IPV6_NEXT_HOP: 63\nIP_PROTOCOL_VERSION: 60\n---------------------------", coll_pbbox, "", 0)
+            prefix_entry(249, "Required Format : \n<field> = <value>[ & <field> = <value>]\
+            \nlike \
+            \n8 = 10.0.0.4 \
+            \n\t(all flows from IP Source 10.0.0.4)\
+            \nor 8 = 10.0.1.0/24 \
+            \n\t(all flows with IP Source in subnet 10.0.1.0/24)\
+            \nor 27 = 2001::1 (IPv6 address only on Linux system)\
+            \n\t(all flows from IP Source 2001::1)\
+            \nor 27 = 2001::/64 \
+            \n\t(all flows with IP Source in subnet 2001::/64)\
+            \nor 0 = 10.0.0.1 & 4 = 1\
+            \n\t(all ICMP flows from router 10.0.0.1)\
+            \nonly equal operator in this release\
+            \nmaximum 4 logical '&' for one filter (limit 249 chars)\
+            \n----------------------------------\
+            \n---- NetFlow Fields list ------\
+            \nROUTER_SRC_ADDR:\t 0\
+            \nIN_BYTES:\t\t\t 1\
+            \nL4_PROT:\t\t\t 4\
+            \nL4_SRC_PORT:\t\t 7\
+            \nIPV4_SRC_ADDR:\t\t 8\
+            \nINPUT_SNMP:\t\t\t10\
+            \nL4_DST_PORT:\t\t11\
+            \nIPV4_DST_ADDR:\t\t12\
+            \nOUTPUT_SNMP:\t\t14\
+            \nIPV4_NEXT_HOP:\t\t15\
+            \nSRC_AS:\t\t\t\t16\
+            \nDST_AS:\t\t\t\t17\
+            \nBGP_IPV4_NEXT_HOP:\t18\
+            \nIPV6_SRC_ADDR:\t\t27\
+            \nIPV6_DST_ADDR:\t\t28\
+            \nIPV6_NEXT_HOP:\t\t62\
+            \nBPG_IPV6_NEXT_HOP:\t63\
+            \nIP_PROT_VERSION:\t60\
+            \n---------------------------", coll_pbbox, "", 0)
             coll_frame2 = gtk.Frame("Disable rules")
             coll_vbox.pack_start(coll_frame2, False, False, 5)
@@ -761 +795 @@
         s.close()
 
+def sent_rule_from_cli(msg):
+    global collectorAddr, collectorPort, collectorAddr6, IPversion
+    s = None
+    if (IPversion==4):
+        tmpaf =  socket.AF_INET
+        addr = collectorAddr
+        port = collectorPort
+    elif (IPversion == 6):
+        tmpaf =  socket.AF_INET6
+        addr = collectorAddr6
+        port = collectorPort
+    else:
+        print "Wrong IP version : ", IPversion
+        exit(0)
+    for res in socket.getaddrinfo(addr, port, tmpaf, socket.SOCK_STREAM):
+        af, socktype, proto, canonname, sa = res
+        try:
+            s = socket.socket(af, socktype, proto)
+        except socket.error, msg:
+            s = None
+            continue
+        try:
+            s.connect(sa)
+        except socket.error, msg:
+            s.close()
+            s = None
+            continue
+        break
+    if s is None:
+        check_dialog( None, None, "could not open socket")
+    else:
+        s.send(msg)
+        check_dialog( None, None, "Action was sent")
+        s.close()
+
 # dialog box to collector control
 def prefix_callback( widget, entry, id):
@@ -766 +835 @@
     entry_text = entry.get_text()
     is_good = 0
+    mymsg = []
     if (id == 0):
         if ( entry_text==""):
             collPrefix = 0
         else:
-            rule = entry_text.split(' ')
-            field = rule[0]
-            operator = rule[1]
-            value = rule[2]
-            if (field=='0' or field=='8' or field=='12' or field=='15' or field=='18' or field=='47'):
-                if (re.match('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(/\d{1,2})?$',value)):
-                    splitter = value.split('/')
-                    adip = struct.unpack('>L',socket.inet_aton(splitter[0]))[0]
-                    if len(splitter)>1:
-                        bits = int(splitter[1])
-                        if bits <= 32 and bits > 0:
-                            mask[1] = 0xffffffffL << (32 - bits)
+            ## here we parse the filter, possibility of many filter concatened with '&' operator
+            filters = entry_text.split('&')
+            if len(filters)>5:
+                check_dialog( widget, None, "No more 4 '&' !")
+                is_ok = 0
+            else:
+                is_ok = 1
+                for f in filters:
+                    rule = f.split(' ')
+                    if len(mymsg)==0:
+                        field = rule[0]
+                        operator = rule[1]
+                        value = rule[2]
+                        mymsg = "C" + "_" + field + "_" + operator + "_" + value
+                    else:
+                        field = rule[1]
+                        operator = rule[2]
+                        value = rule[3]                        
+                        mymsg += "_C" + "_" + field + "_" + operator + "_" + value
+                    print f
+                    print mymsg
+                    if (field=='0' or field=='8' or field=='12' or field=='15' or field=='18' or field=='47'):
+                        if (re.match('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(/\d{1,2})?$',value)):
+                            splitter = value.split('/')
+                            adip = struct.unpack('>L',socket.inet_aton(splitter[0]))[0]
+                            if len(splitter)>1:
+                                bits = int(splitter[1])
+                                if bits <= 32 and bits > 0:
+                                    mask[1] = 0xffffffffL << (32 - bits)
+                                    is_good = 1
+                                else:
+                                    check_dialog( widget, None, "Wrong value in mask!")
+                                    is_good = 0
+                            else:
+                                value = value+"/32"
+                                mask[1] = 0xffffffffL
+                                is_good = 1
+                        else:
+                            check_dialog( widget, None, "Wrong value !")
+                    if (field=='27' or field=='28' or field=='62'):
+                        ipv6ad_mask = value.split('/')
+                        if len(ipv6ad_mask)==1:
+                            try:
+                                socket.gethostbyaddr(value)
+                                is_good = 1
+                            except socket.gaierror:
+                                check_dialog( widget, None, "Wrong value !")
+                            except socket.herror: ## can't resolv 
+                                check_dialog( widget, None, "I can't resolv !")
+                            except socket.error:
+                                check_dialog( widget, None, "Error in gethostbyaddr()!")
+                        else:
+                            is_good = 1
+                    ##here, check the prefix value?
+                    if (field=='60' or field=='46'):
+                        if (int(value) < 256):
                             is_good = 1
                         else:
-                            check_dialog( widget, None, "Wrong value in mask!")
+                            check_dialog( widget, None, "Wrong value, must be < 256 !")
                             is_good = 0
-                    else:
-                        value = value+"/32"
-                        mask[1] = 0xffffffffL
-                        is_good = 1
-                else:
-                    check_dialog( widget, None, "Wrong value !")
-            if (field=='27' or field=='28' or field=='62'):
-                ipv6ad_mask = value.split('/')
-                if len(ipv6ad_mask)==1:
-                    try:
-                        socket.gethostbyaddr(value)
-                        is_good = 1
-                    except socket.gaierror:
-                        check_dialog( widget, None, "Wrong value !")
-                    except socket.herror: ## can't resolv 
-                        check_dialog( widget, None, "I can't resolv !")
-                    except socket.error:
-                        check_dialog( widget, None, "Error in gethostbyaddr()!")
-                else:
-                    is_good = 1
-                ##here, check the prefix value?
-            if (field=='60' or field=='46'):
-                if (int(value) < 256):
-                    is_good = 1
-                else:
-                    check_dialog( widget, None, "Wrong value, must be < 256 !")
-                    is_good = 0
-            if (field=='1'):
-                if (int(value) < 4294967295):
-                    is_good = 1
-                else:
-                    check_dialog( widget, None, "Wrong value, must be < 4294967295 !")
-                    is_good = 0
-            if (field=='7' or field=='11' or field=='4'):
-                if (int(value) < 65536):
-                    is_good = 1
-                else:
-                    check_dialog( widget, None, "Wrong value, must be < 65536 !")
-                    is_good = 0
-            if (field=='10' or field=='14' or field=='16' or field=='17'):
-                if (int(value) < 65536):
-                    is_good = 1
-                else:
-                    check_dialog( widget, None, "Wrong value, must be < 65536 !")
-                    is_good = 0                    
-            if (is_good==1):
+                    if (field=='1'):
+                        if (int(value) < 4294967295):
+                            is_good = 1
+                        else:
+                            check_dialog( widget, None, "Wrong value, must be < 4294967295 !")
+                            is_good = 0
+                    if (field=='7' or field=='11' or field=='4'):
+                        if (int(value) < 65536):
+                            is_good = 1
+                        else:
+                            check_dialog( widget, None, "Wrong value, must be < 65536 !")
+                            is_good = 0
+                    if (field=='10' or field=='14' or field=='16' or field=='17'):
+                        if (int(value) < 65536):
+                            is_good = 1
+                        else:
+                            check_dialog( widget, None, "Wrong value, must be < 65536 !")
+                            is_good = 0
+            if (is_good==1 and is_ok==1):
                 ##collPrefix = adip & mask[1]
                 ## Here tcp exchange between collector & client
-                msg = str(localPort) +" "+ field +" "+ operator+" "+ value
+                ##msg = str(localPort) +" "+ field +" "+ operator+" "+ value
+                msg = str(localPort) + " " + mymsg
+                print msg
                 sent_rule(widget, msg)
                 widget.set_editable(False)
@@ -870 +959 @@
         if (record_file!=None):
             record_file.close()
+        sent_rule_from_cli("DELETE")
         print "\n\n\n\n\n Input Stream closed. \n\n\n\n\n By :-) \n\n\n\n"
-    myTimer.cancel()
+    if (myTimer != None):
+        myTimer.cancel()
     gtk.main_quit()
 
@@ -1064 +1155 @@
 if __name__ == "__main__":
     global window, mainTT, comboRouter, os_type, printShit
+    global localAddr, localPort
     
     gtk.gdk.threads_init()
@@ -1074 +1166 @@
         os_type = 3
 
+    parser = OptionParser()
+    parser.add_option("-r", "--router", dest="rtr", help ="router address used for NetFlow data export")
+    parser.add_option("-i", "--index", dest="ind", help ="Interface index get with snmpwalk")
+    (options, args) = parser.parse_args()
+    rtr = options.rtr
+    ind = options.ind
+
+    if len(sys.argv)==5:
+        myInputControlThread = InputControl(localAddr, localPort)
+        myInputControlThread.start()
+        msg = str(localPort) + " C_0_=_" + rtr + "_C_10_=_" + ind
+        print msg
+        sent_rule_from_cli(msg)
+        
     print "---------------------------------------------------------------"
     print "In this version, you can only apply rules on the collector based on the following fields:"