#!/usr/bin/env python
#
# This file is part of Etherwall
# Copyright (C) Agus Bimantoro <l0g.bima@gmail.com>
# This program is published under a GPLv3 license
import os
import re
import sys
import random
import logging
import struct
import fcntl
logging.getLogger('scapy.runtime').setLevel(logging.ERROR)
import scapy.all
from socket import *
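# Network interface path
SYS_NET_PATH = "/sys/class/net"   # Is a directory
PROC_NET_PATH = "/proc/net/dev"   # Is a file

# Linux ARP cache path
LINUX_NET_ARP = "/proc/net/arp"

# From linux/sockios.h
# socket configuration controls
SIOCGIFFLAGS = 0x8913     # get flags
SIOCGIFNETMASK = 0x891b   # get network PA mask

# From linux/if.h
# standard interface flags
IFF_UP = 0x1   # Interface is up.

# Loop back name
IFF_LOOP_BACK = "lo"

# Create socket
# Opened once at import time; the functions in this file only hand it to
# fcntl.ioctl() to query interface flags and netmask.
SOCK = socket(AF_INET, SOCK_DGRAM)

# Etherwall configuration path
ETHW_FILE = "/etc/etherwall/etherwall.conf"
ETHW_OUI_FILE = "/etc/etherwall/etherwall-oui.txt"
ALLOW_FILE = "/etc/etherwall/allow.conf"

# The patterns below are raw strings so that `\w` and `\.` reach the regex
# engine as written instead of relying on Python keeping unknown string
# escapes intact. The pattern text itself is unchanged.

# Regex to match the format of writing in etherwall.conf
# NOTE: no end anchor, and the parser applies it with .match(), so it only
# checks "option=" plus the first character of the value.
ETHW_FILE_FORMAT = r"[a-z]+=[\w:.-]"

# Regex to match the format of writing in allow.conf
# NOTE: same prefix-only check as above ("digits/dots", "-", one more char).
ALLOW_FILE_FORMAT = r"[0-9.]+-[a-zA-Z0-9:]"

# Regex to Match IPv4 + CIDR (anchored at both ends; prefix length 1-32)
IPv4_CIDR = r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([1-9]|1[0-9]|2[0-9]|3[0-2])$"

# Regex to Match MAC Address
# NOTE: no end anchor; with .match() anything after the sixth octet is ignored
# unless the caller also checks where the match ends.
MAC_ADDR = r"([0-9a-fA-F]{2}[:-]){5}([0-9a-fA-F]{2})"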
####################
## OBTAIN SECTION ##
####################
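def get_if_all():
    """
    Get all the list of network interface

    Prefers the entries of SYS_NET_PATH; when that directory does not exist,
    falls back to the device column of PROC_NET_PATH, skipping the two
    header lines at the top of that file.
    """
    if os.path.exists(SYS_NET_PATH):
        return os.listdir(SYS_NET_PATH)

    # The context manager closes the handle; the original left it open.
    with open(PROC_NET_PATH) as proc_dev:
        rows = proc_dev.readlines()[2:]  # drop the two header lines

    # Each row starts with "<device>:"; blank rows are skipped so that a
    # trailing empty line cannot raise IndexError.
    return [row.split()[0].split(':')[0] for row in rows if row.strip()]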
def get_if_conf():
    """
    Get the network configuration automatically

    Scans scapy's routing table for the first entry whose network field is 0
    and whose gateway is not '0.0.0.0', then collects that interface's
    addresses. Returns the tuple (iface, hwaddr, ipaddr, ipgw, mask, cidr),
    or None when no such route exists.
    """
    for route in scapy.all.read_routes():
        if route[0] != 0 or route[2] == '0.0.0.0':
            continue

        ipgw = route[2]
        iface = route[3]
        ipaddr = route[4]
        hwaddr = scapy.all.get_if_hwaddr(iface)

        # SIOCGIFNETMASK reply: bytes 20..23 of the returned buffer hold the
        # netmask in network byte order.
        request = struct.pack('256s', iface)
        reply = fcntl.ioctl(SOCK, SIOCGIFNETMASK, request)
        mask = inet_ntoa(reply[20:24])

        return (iface, hwaddr, ipaddr, ipgw, mask, get_cidr(mask))

    # no usable default route was found
    return None
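def get_if_conf_ff():
    """
    Get the network configuration from file `/etc/etherwall/etherwall.conf' (specified configuration)

    Returns 2 values (message code number & message):
        0 - no error; the message is the configuration dict, with a
            'cidr' key added from the netmask
        1 - bad parsing
        2 - device not found
        3 - incomplete configuration format
    For codes 1-3 the message is a text naming the offending line.
    """
    # initial number code
    msg_code = 0
    msg = None
    n = 0  # line number; stays 0 when the file is empty

    # option and values
    config = {'manual':'no','iface':'','ipaddr':'','hwaddr':'','netmask':'','gwaddr':'','gwhwaddr':'','promisc':'no','msgbox':'yes'}

    yes_no_options = ('manual', 'promisc', 'msgbox')
    ipv4_options = ('ipaddr', 'gwaddr', 'netmask')
    hwaddr_options = ('hwaddr', 'gwhwaddr')

    # match the configuration format in '/etc/etherwall/etherwall.conf'
    ethwfileformat = re.compile(ETHW_FILE_FORMAT)

    # match the hardware address input
    hwmatch = re.compile(MAC_ADDR)

    # The original never reached its close() call (it sat after the return
    # statements); the context manager releases the handle on every path.
    with open(ETHW_FILE, 'r') as ethwfile:
        for n, raw in enumerate(ethwfile, 1):  # n is a line number
            line = raw.strip()

            # comments and blank lines carry no configuration
            if line == "" or line.startswith('#'):
                continue

            if not ethwfileformat.match(line):
                msg_code = 1
                msg = ("Parsing: `%s`: Bad Format, etherwall.conf: Line %s" % (line, n))
                break

            # NOTE: as before, only the text between the first and second
            # '=' is taken as the value.
            fields = line.split('=')
            options = fields[0]
            values = fields[1]

            if options not in config:
                msg_code = 1
                msg = ("Parsing: `%s`: Unknown Format, etherwall.conf: Line %s" % (line, n))
                break

            if options in yes_no_options and values not in ('yes', 'no'):
                msg_code = 1
                msg = ("Parsing: `%s`: must be `yes` or `no`, etherwall.conf: Line %s" % (line, n))
                break

            # An unknown device is only an error once `manual` is no longer
            # 'no', i.e. when a `manual=yes` line came earlier in the file.
            if options == 'iface' and values not in get_if_all() and config['manual'] != 'no':
                msg_code = 2
                msg = ("Interface: `%s`: Device not found, etherwall.conf: Line %s" % (line, n))
                break

            # NOTE(review): check_ipv4 also accepts the address/prefix form,
            # so a netmask written that way passes here and get_cidr() then
            # yields None for it - confirm whether callers expect that.
            if options in ipv4_options and not check_ipv4(addr=values):
                msg_code = 1
                msg = ("Parsing: `%s`: Invalid IPv4 address, etherwall.conf: Line %s" % (line, n))
                break

            if options in hwaddr_options:
                # MAC_ADDR has no end anchor, so require the match to cover
                # the whole value; otherwise "aa:bb:cc:dd:ee:ff<anything>"
                # would be stored as a hardware address.
                found = hwmatch.match(values)
                if not found or found.end() != len(values):
                    msg_code = 1
                    msg = ("Parsing: `%s`: Invalid MAC address, etherwall.conf: Line %s" % (line, n))
                    break

            config[options] = values

    # with manual=yes every option must have a value
    if msg_code == 0 and config['manual'] == 'yes':
        for keys in config:
            if config[keys] == '':
                msg_code = 3
                msg = ("Configuration: `%s` is Needed, etherwall.conf: Line %s" % (keys, n))
                break

    if msg_code == 0:
        # get cidr
        config['cidr'] = get_cidr(mask=config['netmask'])
        msg = config

    return msg_code, msg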
def get_cidr(mask):
    """
    Get CIDR by netmask

    Compares `mask` with the dotted-quad netmask of every prefix length from
    1 to 32 and returns the matching length. Any other value, including
    '0.0.0.0', gives None.
    """
    for prefix in range(1, 33):
        # netmask with the top `prefix` bits set
        bits = (0xffffffff << (32 - prefix)) & 0xffffffff
        dotted = "%d.%d.%d.%d" % (
            (bits >> 24) & 0xff,
            (bits >> 16) & 0xff,
            (bits >> 8) & 0xff,
            bits & 0xff,
        )
        if mask == dotted:
            return prefix
    return None
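def get_dns():
    """
    DNS resolver configuration

    Returns the lines of /etc/resolv.conf with surrounding whitespace
    stripped, or False when the file cannot be read.
    """
    try:
        # the context manager closes the file even if reading fails part-way
        with open('/etc/resolv.conf', 'r') as dnsfile:
            return [line.strip() for line in dnsfile]
    except (IOError, OSError, UnicodeError):
        # Only read/decode failures map to False; the original bare `except`
        # also swallowed KeyboardInterrupt and programming errors.
        return False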
def get_fake_hwaddr():
    """
    Generate the fake hardware address

    The first octet is fixed at 0x00 and the other five are drawn with
    random.randint(); the result is lower-case hex separated by colons.
    """
    octets = [0x00] + [random.randint(0x00, 0xff) for _ in range(5)]
    return ':'.join("%02x" % octet for octet in octets)
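def imp_allow_host():
    """
    Import the list of allowed hosts

    Returns 2 values (message code number & message):
        0 - no error; the message is a list of "<ip> <mac>" strings with
            the MAC in lower case
        1 - bad parsing; the message is a text naming the offending line
    """
    # initial code number
    msg_code = 0
    msg = None

    # put a list of hosts that are allowed
    allow_host = []

    # match the configuration format in '/etc/etherwall/allow.conf'
    allowfileformat = re.compile(ALLOW_FILE_FORMAT)

    # match the hardware address input
    hwmatch = re.compile(MAC_ADDR)

    # The original never reached its close() call (it sat after the return
    # statements); the context manager releases the handle on every path.
    with open(ALLOW_FILE, 'r') as allowfile:
        for n, raw in enumerate(allowfile, 1):  # n is a line number
            host = raw.strip()

            # comments and blank lines carry no entry
            if host == "" or host.startswith('#'):
                continue

            if not allowfileformat.match(host):
                msg_code = 1
                msg = ("Parsing: `%s`: Bad Format, allow.conf: Line %s" % (host, n))
                break

            # entry layout is "<ip>-<mac>"; as before, only the first two
            # '-'-separated fields are used
            fields = host.split('-')
            ipaddr = fields[0]
            hwaddr = fields[1]

            if not check_ipv4(addr=ipaddr):
                msg_code = 1
                msg = ("Parsing: `%s`: Invalid IPv4 address, allow.conf: Line %s" % (host, n))
                break

            # MAC_ADDR has no end anchor, so require the match to cover the
            # whole field; otherwise an entry with trailing text after the
            # sixth octet would be added to the allow list as-is.
            found = hwmatch.match(hwaddr)
            if not found or found.end() != len(hwaddr):
                msg_code = 1
                msg = ("Parsing: `%s`: Invalid MAC address, allow.conf: Line %s" % (host, n))
                break

            allow_host.append("%s %s" % (ipaddr, hwaddr.lower()))

    if msg_code == 0:
        msg = allow_host

    return msg_code, msg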
###################
## CHECK SECTION ##
###################
def check_if_up(iface=None):
    """
    Check whether the interface is up

    Queries the interface flags with the SIOCGIFFLAGS ioctl and tests the
    IFF_UP bit. The loopback interface is always reported as down.
    (The author left a scapy.all.get_working_if() variant disabled here.)
    """
    # struct ifreq as used here: 16-byte interface name followed by a short
    # that the kernel fills with the flags
    request = struct.pack('16sh', iface, 0)
    reply = fcntl.ioctl(SOCK.fileno(), SIOCGIFFLAGS, request)
    flags = struct.unpack('16sh', reply)[1]

    if iface == IFF_LOOP_BACK:
        return False  # is Down

    return bool(flags & IFF_UP)  # True: is Up, False: is Down
def check_ipv4(addr=None):
    """
    Check the IPv4 address format

    Returns True for a string with four dot-separated parts that
    inet_aton() accepts, or that matches the IPv4_CIDR pattern
    (address/prefix); False otherwise.

    NOTE: what inet_aton() accepts depends on the C library, so this is
    not a strict dotted-decimal check.
    """
    if len(addr.split(".")) != 4:
        return False  # IPv4 Invalid

    try:
        inet_aton(addr)
    except error:
        # not a plain address: accept it only as IPv4+CIDR/Prefix
        return bool(re.compile(IPv4_CIDR).match(addr))

    return True  # IPv4 Valid
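def check_mac_vendor(mac=None, info=False, macvendor=False):
    """
    Check the MAC Address Vendor

    Looks up the first three octets of `mac` in the OUI database file
    (ETHW_OUI_FILE), whose records are separated by blank lines.

    Returns:
        False           - `mac` does not start with a MAC address
        "Unknown"       - no record contains the prefix
        the full record - when `info` is true
        the vendor name - otherwise: the words between "(hex)" and the
                          token equal to the prefix without dashes
    """
    # convert mac to upper case
    mac = mac.upper()

    # match the hardware address
    hwmatch = re.compile(MAC_ADDR)

    # open oui file (database vendor file); the context manager closes the
    # handle, which the original left open
    with open(ETHW_OUI_FILE) as oui_handle:
        ouifile = oui_handle.read().split("\n\n")

    if not hwmatch.match(mac):
        return False  # invalid MAC address

    # 3 byte for identification vendor, written as "AA-BB-CC"
    mac = mac[0:2] + '-' + mac[3:5] + '-' + mac[6:8]

    for line in ouifile:
        if mac in line:
            # from here on `mac` holds the record (text or token list)
            mac = line if info else line.split()
            macvendor = True
            break

    if not macvendor:  # mac vendor not found !
        return "Unknown"

    if info:  # information complete, about country, address, etc
        return mac

    # information is not complete, just vendor
    # NOTE(review): hexline/macline stay unbound if the record has no
    # "(hex)" token or no dash-less copy of the prefix - the lookup
    # assumes the record layout of the shipped OUI file.
    for n, i in enumerate(mac, 1):
        if i == "(hex)":
            hexline = n
        if i == mac[0].replace("-", ""):
            macline = n
    return " ".join(mac[hexline:macline - 1])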
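def flush_arp_cache():
    """
    Delete all ARP entry

    Reads the address column of the kernel ARP table (LINUX_NET_ARP) and
    runs `arp -d <address>` for every entry that check_ipv4() accepts;
    the header row is skipped because it fails that check.
    """
    # Local import: the file's import block does not provide subprocess.
    import subprocess

    # Validate the address field itself rather than the whole table row:
    # the row only passed check_ipv4 where inet_aton() tolerates trailing
    # text, and never when another column contained a dot.
    with open(LINUX_NET_ARP, 'r') as arp_table:
        addresses = [row.split()[0] for row in arp_table if row.strip()]

    with open(os.devnull, 'w') as devnull:
        for ip in addresses:
            if not check_ipv4(ip):
                continue
            try:
                # Argument list, no shell: the original used `&>`, a bash
                # extension that a POSIX /bin/sh parses as `&` followed by
                # `>`, and it interpolated the address into a shell string.
                subprocess.call(["arp", "-d", ip], stdout=devnull, stderr=devnull)
            except OSError:
                # `arp` cannot be started; os.system() did not raise in
                # that case either, so stop quietly.
                break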
## EOF ##