Add some new events (still experimental).
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 29 Apr 2010 17:31:29 +0000 (19:31 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 29 Apr 2010 17:32:02 +0000 (19:32 +0200)
cappie/constants.py
cappie/events.py

index de00993..d68fcc7 100644 (file)
@@ -25,3 +25,6 @@ TYPE_ARP = 0
 
 OPERATION_REQUEST = 0
 OPERATION_RESPONSE = 1
+
+DB_LASTSEEN_MAX = 5*60 # 5 minutes
+DB_GC_INTERVAL = 60
index edb6051..236e19f 100644 (file)
@@ -23,6 +23,7 @@ import os
 import subprocess
 import time
 
+from constants import *
 from errors import *
 
 class Event(object):
@@ -81,3 +82,89 @@ class EventShell(Event):
                        p.returncode)
 
                return p.returncode
+
+
+class EventRequestTrigger(Event):
+       def __init__(self, interface, packet):
+               Event.__init__(self, interface)
+
+               self.db = interface.cappie.db
+               self.packet = packet
+
+       def _updateAddress(self, mac, address):
+               where = "WHERE mac = '%s' AND address = '%s'" % (mac, address)
+
+               if self.db.get("SELECT * FROM addresses %s" % where):
+                       self.db.execute("UPDATE addresses SET lastseen='%d' %s" % \
+                               (time.time(), where))
+               else:
+                       self.db.execute("INSERT INTO addresses VALUES('%s', '%s', '%d')" % \
+                               (mac, address, time.time()))
+
+       def _updateChanges(self, *args):
+               for arg in args:
+                       where = "WHERE address = '%s'" % arg
+                       if self.db.get("SELECT * FROM changes %s" % where):
+                               self.db.execute("UPDATE changes SET lastchange = '%d' %s" % \
+                                       (time.time(), where))
+                       else:
+                               self.db.execute("INSERT INTO changes VALUES('%s', '%d')" % \
+                                       (arg, time.time()))
+
+       def run(self):
+               mac = self.packet.source_address
+               address = self.packet.source_ip_address
+
+               self._updateAddress(mac, address)
+               self._updateChanges(mac, address)
+
+
+class EventResponseTrigger(EventRequestTrigger):
+       pass
+
+
+class EventGarbageCollector(Event):
+       def __init__(self, db, log):
+               self.db = db
+               self.log = log
+
+       def run(self):
+               # Remove old addresses
+               self.db.execute("DELETE FROM addresses WHERE lastseen >= '%d'" % \
+                       (time.time() - DB_LASTSEEN_MAX))
+
+               self.db.commit()
+
+
+class EventCheckDuplicate(Event):
+       def __init__(self, interface, packet):
+               Event.__init__(self, interface)
+               self.packet = packet
+
+       def run(self):
+               entries = self.db.query("SELECT * FROM addresses WHERE address = '%s'" % \
+                       self.packet.source_ip_address)
+
+               if not entries:
+                       return
+
+               for entry in entries:
+                       if self.packet.source_address == entry.mac:
+                               entries.remove(entry)
+
+               if len(entries) > 1:
+                       self.addEvent(EventHandleDuplicate(self.interface, self.packet))
+
+
+class EventHandleDuplicate(Event):
+       def __init__(self, interface, packet):
+               Event.__init__(self, interface)
+               self.packet = packet
+
+       def run(self):
+               self.log.warning("We probably have a mac spoofing for %s" % \
+                       self.packet.source_address)
+
+
+class EventCheckFlipFlop(Event):
+       pass