每次发生后,我的计数器都会被重置。具体来说,它并没有添加新号码,而是不断重复添加相同的号码。
尝试将计数器添加到顶部-计数但添加过多的次数(1287)应该仅为36
尝试在代码的下方添加计数器-不断重复添加相同的数字。
#!/usr/bin/env python3
import sys
import csv
from ipaddress import ip_address
from netaddr import EUI
import re
from ovsportranges import OvsPorts
TCP = 6
def yafreader(f):
reader = csv.reader(f, delimiter='|', skipinitialspace=True)
keys = [header.rstrip() for header in next(reader)]
return (dict(zip(keys, record)) for record in reader)
### PASS 1
SERVERS = dict()
with open('OPC_capture.yaf.txt', 'r', encoding='utf-8') as f:
for r in yafreader(f):
if int(r['proto']) != TCP:
continue
sip, sp = ip_address(r['sip']), int(r['sp'])
dip, dp = ip_address(r['dip']), int(r['dp'])
### if yaf determines direction by the TCP flags
### otherwise, uses first observation
if r['iflags'] == 'S' and r['riflags'] == 'AS':
SERVERS[(dip,'T',dp,)] = True
f = open ('OPC_capture.yaf.txt', 'r', encoding='utf-8')
IPTableDict = {}
CommandList = []
FlowSet = set()
tableCounter = 1
# Delete Flows
command = "sudo ovs-ofctl del-flows br-garret"
CommandList.append(command)
# Add Arp to Table 0
command = "sudo ovs-ofctl add-flow br-garret \"table=0,arp,actions=NORMAL\""
CommandList.append(command)
# Add flow to drop IPv6
command = "sudo ovs-ofctl add-flow br-garret \"table=0,ipv6,actions=DROP\""
CommandList.append(command)
# Enable ICMP
command = "sudo ovs-ofctl add-flow br-garret \"table=0,icmp,actions=NORMAL\""
CommandList.append(command)
ovsports = OvsPorts()
systemRange = ovsports.get_port_ranges(1,1023)
userRange = ovsports.get_port_ranges(1025,65535)
for record in yafreader(f):
# ignore multicast
srcMacAddress = EUI(record['srcMacAddress'])
destMacAddress = EUI(record['destMacAddress'])
if (srcMacAddress[0]&0x01) or (destMacAddress[0]&0x01):
continue
# if not a IPv4 address, do again
sip = ip_address(record['sip'])
dip = ip_address(record['dip'])
if sip.version != 4:
continue
# if not right address type
if sip.is_link_local or sip.is_multicast or sip.is_unspecified:
continue
if dip.is_link_local or dip.is_multicast or dip.is_unspecified:
continue
# generalize addresses
snet = 'NET'+str(ip_address(sip.packed[0:3]+b'\00'))
dnet = 'NET'+str(ip_address(dip.packed[0:3]+b'\00'))
# limit our model to tcp and udp
proto = int(record['proto'])
if proto not in (6,17,):
continue
sp = int(record['sp'])
dp = int(record['dp'])
# don't care about DHCP
if proto == 17 and sp in (67,68) and dp in (67,68):
continue
# use duration as integer weight
weight = int(float(record['duration'])+0.5)
### fixup direction if we can
if record['iflags'] == 'S' and record['riflags'] == 'AS':
direction = 0
elif (dip,'T',dp,) in SERVERS:
direction = 0
elif (sip,'T',sp,) in SERVERS:
direction = 1
elif sip < dip or (sip == dip and sp <= dp):
direction = 0
else:
direction = 1
protocol = proto
dst = dip
dport = dp
src = sip
sport = sp
tableCounter = 1
if proto == 6:
protocol = ("tcp")
elif proto == 17:
protocol = ("udp")
if protocol == "tcp" or "udp":
if dst not in IPTableDict:
IPTableDict["{0}".format(dst)] = tableCounter
flow = (0,dst,tableCounter)
if flow not in FlowSet:
FlowSet.add(flow)
command = "sudo ovs-ofctl add-flow br-garret \"table=0,ip,nw_dst={0},actions=resubmit(,{1})\"".format(dst, tableCounter)
CommandList.append(command)
tableCounter = tableCounter + 1
# SOURCE -------- Add table for unique IP. Set up resubmit flow.
if src not in IPTableDict:
IPTableDict["{0}".format(src)] = tableCounter
flow = (0,src,tableCounter)
if flow not in FlowSet:
FlowSet.add(flow)
command = "sudo ovs-ofctl add-flow br-garret \"table=0,ip,nw_dst={0},actions=resubmit(,{1})\"".format(src, tableCounter)
CommandList.append(command)
tableCounter = tableCounter + 1
# SOURCE ---------------- Find range
range = systemRange
if sport > 1025:
range = userRange
if range == systemRange:
flow = (IPTableDict["{0}".format(src)], protocol, sport, "src")
if flow not in FlowSet:
FlowSet.add(flow)
command = "sudo ovs-ofctl add-flow br-garret \"table={0},{1},tp_src={2},actions=NORMAL\"".format(IPTableDict["{0}".format(src)], protocol, sport)
CommandList.append(command)
else:
for r in range:
flow = (IPTableDict["{0}".format(src)], protocol, r.port, r.bitmask, "src")
if flow not in FlowSet:
FlowSet.add(flow)
command = "sudo ovs-ofctl add-flow br-garret \"table={0},{1},tp_src={2}/{3},actions=NORMAL\"".format(IPTableDict["{0}".format(src)], protocol, hex(r.port), hex(r.bitmask))
CommandList.append(command)
# DEST ---------------- Find range
range = systemRange
if dport > 1025:
range = userRange
if range == systemRange:
flow = (IPTableDict["{0}".format(dst)], protocol, dport, "dst")
if flow not in FlowSet:
FlowSet.add(flow)
command = "sudo ovs-ofctl add-flow br-garret \"table={0},{1},tp_dst={2},actions=NORMAL\"".format(IPTableDict["{0}".format(dst)], protocol, dport)
CommandList.append(command)
else:
for r in range:
flow = (IPTableDict["{0}".format(dst)], protocol, r.port, r.bitmask, "dst")
if flow not in FlowSet:
FlowSet.add(flow)
command = "sudo ovs-ofctl add-flow br-garret \"table={0},{1},tp_dst={2}/{3},actions=NORMAL\"".format(IPTableDict["{0}".format(dst)], protocol, hex(r.port), hex(r.bitmask))
CommandList.append(command)
f.close()
for command in CommandList:
print (command)
print (IPTableDict)
打印结果应显示在新表中显示的新IP地址,而不是相同的重复表。预计会添加36张桌子。