forked from sburnett/bismark-passive-server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
flow_properties_processor.py
46 lines (38 loc) · 1.71 KB
/
flow_properties_processor.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
from abc import abstractmethod
from session_processor import SessionProcessor
class FlowPropertiesSessionProcessor(SessionProcessor):
def __init__(self):
super(FlowPropertiesSessionProcessor, self).__init__()
@abstractmethod
def process_packet(self, context, packet, port, device_names, domains):
pass
def process_update(self, context, update):
for packet in update.packet_series:
try:
flow, flow_data = context.flows[packet.flow_id]
except KeyError:
flow = flow_data = None
if flow is not None \
and flow.source_ip in context.address_map \
and flow.destination_ip not in context.address_map:
port = flow.destination_port
elif flow is not None \
and flow.destination_ip in context.address_map \
and flow.source_ip not in context.address_map:
port = flow.source_port
else:
port = -1
device_names = []
if flow is not None and flow.source_ip in context.mac_address_map:
device_names.append(context.mac_address_map[flow.source_ip])
if flow is not None \
and flow.destination_ip in context.mac_address_map:
device_names.append(
context.mac_address_map[flow.destination_ip])
if device_names == []:
device_names = ['unknown']
if flow_data is not None:
domains = flow_data['domains']
else:
domains = ['unknwon']
self.process_packet(context, packet, port, device_names, domains)