4 from switzerland
.common
.util
import bin2int
5 from switzerland
.common
import util
8 """Just a container for flow fields."""
def print_flow_tuple(f):
    """Convert a raw binary flow record into human-readable fields.

    Despite the name, nothing is printed: a new tuple is returned.

    Args:
        f: indexable flow record. Items 0 and 2 are handed to
            ``s.inet_ntoa`` and items 1, 3 and 4 to ``bin2int``.
            Presumably laid out as (src_ip, src_port, dest_ip, dest_port,
            proto) -- confirm against the callers.

    Returns:
        A 5-tuple ``(address, port, address, port, protocol_name)``.
    """
    # NOTE(review): assuming `s` is the socket module, inet_ntoa raises on
    # anything that is not exactly a 4-byte packed address, so a malformed
    # record surfaces here as an exception rather than as bad output.
    first_addr = s.inet_ntoa(f[0])
    first_port = bin2int(f[1])
    second_addr = s.inet_ntoa(f[2])
    second_port = bin2int(f[3])
    protocol = util.prot_name(bin2int(f[4]))
    return (first_addr, first_port, second_addr, second_port, protocol)
23 """A Flow is a 5-tuple of source ip:port, destination ip:port and protocol."""
# Discard threshold for a flow, in seconds (presumably compared against
# time_last_active -- confirm where it is read).
timeout = 120 # seconds before a flow can be discarded
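def __init__(self, inbound, src_ip, src_port, dest_ip, dest_port, proto,
             now, in_circle):
    """Record the identifying 5-tuple and start the bookkeeping for a flow.

    Args:
        inbound: stored unchanged as ``self.inbound``; not type-checked.
        src_ip, dest_ip: packed binary addresses (strings). Other code in
            this class unpacks them with ``struct.unpack(">BBBB", ...)``,
            i.e. as exactly 4 bytes.
        src_port, dest_port: packed binary ports (strings), unpacked
            elsewhere with ``struct.unpack('>H', ...)``, i.e. 2 bytes.
        proto: protocol as a string; other code applies ``ord()`` to it,
            so it must be a single character.
        now: float timestamp, used for both the start time and the
            last-activity time.
        in_circle: stored unchanged as ``self.in_circle``; not type-checked.

    Raises:
        AssertionError: if a checked argument has the wrong type.
    """
    # NOTE(review): these are debugging assertions, not input validation.
    # Python drops assert statements under -O, and only the type is checked,
    # never the length. If these fields are ever filled from packet data,
    # a wrong-sized value passes here and fails later in struct.unpack/ord.
    packed_fields = (
        ('src_ip', src_ip),
        ('src_port', src_port),
        ('dest_ip', dest_ip),
        ('dest_port', dest_port),
        ('proto', proto),
    )
    for label, value in packed_fields:
        assert isinstance(value, types.StringType), 'expecting string ' + label
    assert isinstance(now, types.FloatType), 'expecting float now'

    self.reported = False  # have we told switzerland about the flow?
    self.activity = False  # has there been any traffic to report on this flow?
    self.inbound = inbound
    # src_ip and proto were validated above but never stored, although the
    # string-formatting code in this class reads self.src_ip and self.proto.
    self.src_ip = src_ip
    self.src_port = src_port
    self.dest_ip = dest_ip
    self.dest_port = dest_port
    self.proto = proto
    self.in_circle = in_circle
    # A new flow counts as active from the moment it is created.
    self.time_last_active = now
    self.time_started = now
    self.bytes_transferred = 0
    self.packets_transferred = 0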
50 (s1
, s2
, s3
, s4
) = struct
.unpack(">BBBB", self
.src_ip
)
51 (sp
,) = struct
.unpack('>H', self
.src_port
)
52 (d1
, d2
, d3
, d4
) = struct
.unpack(">BBBB", self
.dest_ip
)
53 (dp
,) = struct
.unpack('>H', self
.dest_port
)
54 proto
= util
.prot_name(ord(self
.proto
))
55 if sp
== 65535: sp
= 'none'
56 if dp
== 65535: dp
= 'none'
57 return "%s.%s.%s.%s:%s -> %s.%s.%s.%s:%s (%s)" % \
58 (s1
, s2
, s3
, s4
, sp
, d1
, d2
, d3
, d4
, dp
, proto
)