import subprocess
import time
+from constants import *
from errors import *
class Event(object):
p.returncode)
return p.returncode
+
+
+class EventRequestTrigger(Event):
+ def __init__(self, interface, packet):
+ Event.__init__(self, interface)
+
+ self.db = interface.cappie.db
+ self.packet = packet
+
+ def _updateAddress(self, mac, address):
+ where = "WHERE mac = '%s' AND address = '%s'" % (mac, address)
+
+ if self.db.get("SELECT * FROM addresses %s" % where):
+ self.db.execute("UPDATE addresses SET lastseen='%d' %s" % \
+ (time.time(), where))
+ else:
+ self.db.execute("INSERT INTO addresses VALUES('%s', '%s', '%d')" % \
+ (mac, address, time.time()))
+
+ def _updateChanges(self, *args):
+ for arg in args:
+ where = "WHERE address = '%s'" % arg
+ if self.db.get("SELECT * FROM changes %s" % where):
+ self.db.execute("UPDATE changes SET lastchange = '%d' %s" % \
+ (time.time(), where))
+ else:
+ self.db.execute("INSERT INTO changes VALUES('%s', '%d')" % \
+ (arg, time.time()))
+
+ def run(self):
+ mac = self.packet.source_address
+ address = self.packet.source_ip_address
+
+ self._updateAddress(mac, address)
+ self._updateChanges(mac, address)
+
+
+class EventResponseTrigger(EventRequestTrigger):
+ pass
+
+
+class EventGarbageCollector(Event):
+ def __init__(self, db, log):
+ self.db = db
+ self.log = log
+
+ def run(self):
+ # Remove old addresses
+ self.db.execute("DELETE FROM addresses WHERE lastseen >= '%d'" % \
+ (time.time() - DB_LASTSEEN_MAX))
+
+ self.db.commit()
+
+
+class EventCheckDuplicate(Event):
+ def __init__(self, interface, packet):
+ Event.__init__(self, interface)
+ self.packet = packet
+
+ def run(self):
+ entries = self.db.query("SELECT * FROM addresses WHERE address = '%s'" % \
+ self.packet.source_ip_address)
+
+ if not entries:
+ return
+
+ for entry in entries:
+ if self.packet.source_address == entry.mac:
+ entries.remove(entry)
+
+ if len(entries) > 1:
+ self.addEvent(EventHandleDuplicate(self.interface, self.packet))
+
+
+class EventHandleDuplicate(Event):
+ def __init__(self, interface, packet):
+ Event.__init__(self, interface)
+ self.packet = packet
+
+ def run(self):
+ self.log.warning("We probably have a mac spoofing for %s" % \
+ self.packet.source_address)
+
+
+class EventCheckFlipFlop(Event):
+ pass