Exemplo n.º 1
0
bool CPythonNode::data(QString gate_name, const CConstDataPointer &data)
{
    Q_UNUSED(gate_name);

    if(data->getType() == "table") {
        // Get the table data structured received.
        QSharedPointer<const CTableData> p_table = data.staticCast<const CTableData>();
        // Create a table data structure to forward.
        QSharedPointer<CTableData> result_table = QSharedPointer<CTableData>(
                    static_cast<CTableData *>(createData("table")));

        QString script_name = getConfig().getParameter("input_script")->value.toString();
        // Start a new python context independant of any other.
        PythonQtObjectPtr module = PythonQt::self()->createUniqueModule();
        // Evaluate the user-supplied python script.
        module.evalFile(script_name);
        // Call the 'main' function of the user script with the received table
        // ... and a table that will contatin the results as arguments.
        QVariant result = module.call("main",
            QVariantList() << QVariant::fromValue(p_table.data())
                           << QVariant::fromValue(result_table.data()));
        if(result.toBool()) {
            commit("out", result_table);
        }

        return true;
    }
    else if(data->getType() == "tcpstreams") {
        // The TCP Streams data structure.
        QSharedPointer<const CTcpStreamsData> p_flows = data.staticCast<const CTcpStreamsData>();
        // Create a table data structure to forward.
        QSharedPointer<CTableData> result_table = QSharedPointer<CTableData>(
                    static_cast<CTableData *>(createData("table")));

        QString script_name = getConfig().getParameter("input_script")->value.toString();
        // Start a new python context independant of any other.
        PythonQtObjectPtr module = PythonQt::self()->createUniqueModule();
        // Evaluate the user-supplied python script.
        module.evalFile(script_name);
        // Call the 'main' function of the user script with the received table
        // ... and a table that will contatin the results as arguments.
        QVariant result = module.call("main",
            QVariantList() << QVariant::fromValue(p_flows.data())
                           << QVariant::fromValue(result_table.data()));

        // If the python script returned true, commit the results' table.
        if(result.toBool()) {
            commit("out", result_table);
        }

        return true;
    }

    return false;
}
Exemplo n.º 2
0
bool CFileNode::data(QString gate_name, const CConstDataPointer &data)
{
    // No input gates.
    Q_UNUSED(gate_name);

    if(data->getType() == "message") {
        auto pmsg = data.staticCast<const CMessageData>();
        QString msg = pmsg->getMessage();
        if(msg == "start") {

            // Create and read the file.
            QSharedPointer<CFileData> file_data =
                    QSharedPointer<CFileData>(
                        static_cast<CFileData *>(createData("file")));

            QVariant filename = getConfig().getParameter("input_file")->value;
            QVariant binary = getConfig().getParameter("binary")->value;

            if(!file_data.isNull() &&
                    file_data->readFile(filename.toString(),
                                        binary.toBool())) {
                commit("out", file_data);
            }
            else {
                commitError("out", "Could not read file.");
            }
            return true;
        }
    }

    return false;
}
bool CTcpStreamExtractorNode::data(QString gate_name,
                                   const CConstDataPointer &data)
{
    // No need to track gates.
    Q_UNUSED(gate_name);
    QString info;

    if(data->getType() == "tcpdump") {
        auto tcp_dump = data.staticCast<const CTcpDumpData>();

        // User parameters.
        QHostAddress addr_from;
        QHostAddress addr_to;
        quint32 ip_from = 0;
        quint32 ip_to = 0;
        quint16 port_from = 0;
        quint16 port_to = 0;

        bool dest_filter = getConfig().getParameter("dest_filter")->value.toBool();
        if(dest_filter) {
            // Get the destination IP to ranges to filter.
            QString dest_filter_from = getConfig().
                    getParameter("dest_ip_filter_from")->value.toString();
            QString dest_filter_to = getConfig().
                    getParameter("dest_ip_filter_to")->value.toString();
            addr_from = dest_filter_from;
            addr_to = dest_filter_to;
            ip_from = addr_from.toIPv4Address();
            ip_to = addr_to.toIPv4Address();

            // Get the destination port range to filter.
            port_from = getConfig().
                    getParameter("dest_port_filter_from")->value.toUInt();
            port_to = getConfig().
                    getParameter("dest_port_filter_to")->value.toUInt();
        }

        qint32 packet_count = tcp_dump->availablePackets();
        for(qint32 i = 0; i < packet_count; ++i) {
            QSharedPointer<const CTcpDumpPacket> packet = tcp_dump->getPacket(i);
            if(dest_filter) {
                if(packet->dest() < ip_from || packet->dest() >= ip_to ||
                   packet->dest_port() < port_from ||
                   packet->dest_port() > port_to) {
                    // Skip this package as it's outside the filter range.
                    continue;
                }
            }
            m_tcp_streams->addTcpPacket(packet);
        }

<<<<<<< HEAD
bool CTcpDumpNode::data(QString gate_name, const CConstDataPointer &data)
{
    // No need to track gates.
    Q_UNUSED(gate_name);

    if(data->getType() == "file") {
        QSharedPointer<const CFileData> file = data.staticCast<const CFileData>();
        QSharedPointer<CTcpDumpData> tcpdump = QSharedPointer<CTcpDumpData>(
                    static_cast<CTcpDumpData *>(createData("tcpdump")));

        setProgress(0);
        tcpdump->setNodeReporter(this);
        tcpdump->parse(file->getBytes());
<<<<<<< HEAD
Exemplo n.º 5
0
void CNode::processData(QString gate_name, const CConstDataPointer &data)
{
    // Can we process this message now or should we keep it in a queue for later
    // ... processing?
    if(isProcessing()) {
        qDebug() << "The node"
                 << m_config.getName()
                 << "is queuing the data type"
                 << data->getType();
        // Store the name of the gate and the data it is sending in the queue.
        QPair<QString, CConstDataPointer> gate_and_data;
        gate_and_data.first = gate_name;
        gate_and_data.second = data;
        m_processing_queue.enqueue(gate_and_data);
    }
    else {
        // Set the node as processing something.
        setProcessing(true);
        // Setup and start the task in another thread.
        startGateTask(gate_name, data);
    }
}
bool CMawiLabelsNode::data(QString gate_name, const CConstDataPointer &data)
{
    Q_UNUSED(gate_name);

    // Process input files.
    if(data->getType() == "file") {
        // The file to read.
        auto p_file = data.staticCast<const CFileData>();
        // The table to output the anomalies.
        QSharedPointer<CTableData> table_data = createTable();
        // Place the anomaly labels of the XML file into a table.
        if(parseMawiXml(p_file->getBytes(), table_data)) {
            // Pass the table of anomalies forward.
            commit("out", table_data);
        }
        else {
            commitError("out", "MAWI labels could not be parsed correctly.");
        }

        return true;
    }

    return false;
}