EyeSpy: C:/work/RevealedSystems/EyeSpy-RS/eyespy/src/objects/logic/entity/entityManager.py Source File

00001 # Copyright (C) 2008-2009  Mark Hanegraaff
00002 #
00003 # This program is free software: you can redistribute it and/or modify
00004 # it under the terms of the GNU General Public License as published by
00005 # the Free Software Foundation, either version 3 of the License, or
00006 # (at your option) any later version.
00007 #
00008 # This program is distributed in the hope that it will be useful,
00009 # but WITHOUT ANY WARRANTY; without even the implied warranty of
00010 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00011 # GNU General Public License for more details.
00012 #
00013 # You should have received a copy of the GNU General Public License
00014 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
00015 
00016 import socket
00017 from objects.logic.common.exception import exception
00018 from objects.logic.entity.networkEntity import networkEntity
00019 from objects.logic.entity.entityStatistics import entityStatistics
00020 from objects.logic.common.logger import logger
00021 
00022 from objects.logic.process.extXportTableDict import extXportTableDict
00023 from objects.logic.network.packetDecoder import packetDecoder
00024 from objects.logic.common.globalStrings import globalStrings
00025 from objects.logic.common.observerInterface import observerInterface
00026 
00027 from threading import  RLock
00028 import win32com.client
00029 import pyproj, sys, os
00030 import time
00031 
00032 import copy
00033 
00034 
00035 ## The entityManager class maintains two dictionaries of entities in the form of:
00036 #
00037 # {[ip,dstPort]: networkEntity} and  
00038 # {(lon, lat): networkEntityList()}.
00039 #
00040 # The first dictionary is optimized for fast lookup of an individual networkEntiry, since the dictionary is a 1-1 match.
00041 # The second dictionary is optimized for the map Drawing cycle.
00042 # Both dictionaries are built on the fly for performance reasons.
00043 # The entityManager class is also one of the consumers of the networkMonitor objects, building the dictionary as it is fed new packets. 
00044 class entityManager(observerInterface):
00045     def __init__(self):
00046         
00047         #{[destIP,destPost]: entity}
00048         self.entityCollection = dict()
00049         self.stats            = entityStatistics()
00050         
00051         # a filtered dictionary, by its primary key        
00052         self.filteredColl         = dict()
00053         # a filtered dictionary, by location
00054         self.filteredCollByLoc    = dict()
00055         
00056         self.currentIPAddress = None
00057         self.selfIPList       = None
00058         self.selfIPAddress    = None
00059         
00060         self.lck              = RLock()
00061         
00062         self.geoIP            = None
00063         
00064         self.getHostIPList()  
00065         self.intializeIPDatabase()
00066         
00067         self.xportTableDict = extXportTableDict()
00068         
00069         self.decoder = packetDecoder()
00070         self.decoder.setDefaultReader()
00071         
00072         self.cnt = 0
00073     
00074     
00075     ## Clears the internal networkEntity dictionaries 
00076     def removeAllEntities(self):
00077         self.lck.acquire(1)                    
00078         try:
00079             self.entityCollection     = dict() 
00080             self.filteredColl         = dict()        
00081             self.filteredCollByLoc    = dict()              
00082         finally:
00083             self.lck.release()
00084     
00085     def getEntityCollectionSize(self):
00086         return len(self.entityCollection)
00087     
00088     
00089     ## Initialize the MaxMind GEO IP Database.    
00090     # TODO -- handle exceptions caused by the DLL not being properly installed
00091     # DLL is installted by copying GeoIpComEx.dll to the windows/system32 folder (or windows/syswow64 for 64 bit version of windows) and
00092     # then registering it.
00093     def intializeIPDatabase(self):        
00094         self.geoIP = win32com.client.Dispatch("GeoIPCOMEx.GeoIPEx")        
00095         geoIPDBLocation = os.sep.join([os.path.dirname(__file__), globalStrings.geoIPDBLocation()])
00096         
00097         
00098         print geoIPDBLocation
00099         self.geoIP.set_db_path(geoIPDBLocation)
00100         
00101     def getSafeEntityCollectionByPK(self):        
00102         newDict = None
00103         # lock the object
00104         self.lck.acquire(1)                    
00105         try:
00106             newDict =  self.entityCollection.copy()                
00107         finally:
00108             self.lck.release()
00109         
00110         return newDict
00111 
00112     
00113     ## Returns a subset of the "master" networkEntity Dictionary filtered by the supplied "filter" object.
00114     # If "filter" is None, then just return a copy of the previously filtered collection.
00115     # This is done to reduce the nummber of filtering operations, since this can become time consuming if the Dictionary becomes large.
00116     # Since The entity collection is indexed by its primary key, so each
00117     # dictionary key has exactly one element.
00118     # @param filter baseFilter derived filter object
00119     # @return Dictionary in the form of: {[ip,dstPort]: networkEntity}.
00120     def getSafeFilteredEntityCollectionByPK(self, filter):
00121         
00122         start = time.time()
00123           
00124         if filter == None:
00125             return self.filteredColl.copy() 
00126         
00127         else:        
00128             # lock the object
00129             self.lck.acquire(1)
00130             try:                
00131                 self.filteredDict.clear()
00132                 
00133                 for key, netEnt in self.entityCollection.iteritems():
00134                     if filter.shouldDisplayEntity(netEnt):                    
00135                         self.filteredColl[key] = netEnt                
00136             finally:
00137                 self.lck.release()
00138         
00139         end = time.time()
00140         msg = "getSafeFilteredEntityCollectionByPK: %3.4f to process %d Items" % (end - start, len(self.entityCollection))
00141         #print msg
00142         
00143         return self.filteredColl.copy()    
00144                         
00145     
00146     
00147     ## Returns a subset of the networkEntity dictionary keyed by Geographical location. 
00148     # This is done to keep track of of multiple entities at distinct locations 
00149     # which facilitate the main Map redraw cycle. This list will essentially contain
00150     # the same information as a filtered entity collection, but it will
00151     # be keyed by location rather than its primary key. 
00152     #    
00153     # The key of the dictionary is the longitude/latitude pair.
00154     # the value is an small list of all entities at that
00155     # particular location.
00156     # @param filter baseFilter derived filter object
00157     # @return Dictionary in the form of: {(lon, lat): entityList() }
00158     def getSafeFilteredEntityCollectionByGeoLoc(self, filter):
00159         
00160         start = time.time()
00161         
00162         insertIntoList = True
00163           
00164         if filter == None:
00165             return copy.copy(self.filteredCollByLoc)
00166         
00167         else:        
00168             # lock the object
00169             self.lck.acquire(1)
00170             try:
00171                 self.filteredCollByLoc.clear()
00172                 
00173                 for key, netEnt in self.entityCollection.iteritems():
00174                         if filter.shouldDisplayEntity(netEnt):
00175                             
00176                             lon = netEnt.foreignLongitude
00177                             lat = netEnt.foreignLatitude
00178                                                         
00179                             newKey = (lon, lat)
00180                             if not self.filteredCollByLoc.has_key(newKey):                                
00181                                 self.filteredCollByLoc[newKey] = list()  
00182                                  
00183                             self.filteredCollByLoc[newKey].append(netEnt)
00184                                     
00185                                          
00186             finally:
00187                 self.lck.release()
00188                 
00189             end = time.time()
00190             msg = "getSafeFilteredEntityCollectionByGeoLoc: %3.4f to process %d Items" % (end - start, len(self.entityCollection))
00191             #print msg
00192                         
00193             return copy.copy(self.filteredCollByLoc)
00194     
00195     
00196     def __getattr__(self, name):    
00197         if name == 'geoIP':
00198             return self.geoIP
00199         
00200         logger.log(__name__ + ": Cannot get [" + name + "] attribute")
00201         raise AttributeError, name
00202         
00203     
00204     ## Pcapy lacks the ability to derive any meaningful information (like an IP address) from a NPF device name.
00205     # This functions will retrieve all IP addresses allocated by the system.
00206     # This list will then be used to "guess" to source IP (as the this Computer's IP) by looking at the rest of the IP traffic.    
00207     def getHostIPList(self):
00208         hostnameInfo = socket.gethostbyname_ex(socket.gethostname())
00209                 
00210         self.hostIPList = hostnameInfo[2] 
00211         print self.hostIPList
00212         
00213     ## Implementation of observer method. this class is an observer of the networkMonitor class
00214     def update(self, header, data):    
00215         
00216         #self.cnt += 1
00217         #print "%d" % (self.cnt)  
00218           
00219         decodedPacketDict = self.decoder.decodePacket(header, data)
00220         
00221         if decodedPacketDict == None:
00222             logger.log(__name__ + "Will not process packet because could not decode")
00223             return
00224         
00225         # in case of an ICMP packet, only Ping type requests should be allowed to
00226         # be displayed as entities
00227         if self.decoder.getXportProtocolString(decodedPacketDict['transportProtocol']) == 'ICMP':
00228             if not self.decoder.isPing(decodedPacketDict['networkHeader'], decodedPacketDict['transportHeader']):
00229                 return    
00230         try:
00231             self.processDataPacket(decodedPacketDict);
00232         except exception, ex:
00233             pass
00234 
00235         
00236     
00237     ## Looks at decoded packet Dictionary, and tried to guess which IP address is the one assigned to the current PC.
00238     # @param decodedPackeDict Dictionary
00239     # @return Either the source or destination IP Address. Whichever is the "Self" Address.
00240     def extractSelfIPAddress(self, decodedPackeDict):
00241         if decodedPackeDict['sourceIP'] in self.hostIPList:
00242             return decodedPackeDict['sourceIP']
00243         
00244         if decodedPackeDict['destIP'] in self.hostIPList:
00245             return decodedPackeDict['destIP']
00246         
00247         raise exception("Could not identify the IP Address of this device.", True)
00248     
00249     
00250     
00251     ## processes a single decoded packet Dictionary.
00252     # @param decodedPacketDict Decoded packet Dictionary
00253     def processDataPacket(self, decodedPacketDict): 
00254                        
00255         if self.selfIPAddress == None:
00256             self.selfIPAddress = self.extractSelfIPAddress(decodedPacketDict)
00257             logger.log(__name__ + ":" + self.selfIPAddress)
00258         
00259         # lock the object
00260         self.lck.acquire(1)
00261         
00262         try:
00263             # create a list used as s key for the entity dictionary        
00264             key = list()
00265 
00266             if self.selfIPAddress == decodedPacketDict['sourceIP']:
00267                 NodeInfo, procState = self.xportTableDict.getXportTableInfo(decodedPacketDict['sourcePort'])
00268                 
00269                 if NodeInfo == None:
00270                     Pid = "0"
00271                 else:
00272                     Pid = "%d" % NodeInfo["Pid"]
00273         
00274                 key = (decodedPacketDict['destIP'], Pid)                            
00275             else:
00276                 NodeInfo, procState = self.xportTableDict.getXportTableInfo(decodedPacketDict['destPort'])
00277                 
00278                 if NodeInfo == None:
00279                     Pid = "0"
00280                 else:
00281                     Pid = "%d" % NodeInfo["Pid"]
00282             
00283                 key = (decodedPacketDict['sourceIP'], Pid)
00284             
00285             if not self.entityCollection.has_key(key):            
00286                 self.entityCollection[key] = networkEntity(self.selfIPAddress, decodedPacketDict, self.geoIP, self.xportTableDict)
00287             
00288             # process the packet 
00289             self.entityCollection[key].computeStatistics(decodedPacketDict)
00290             
00291         except Exception, ex:
00292                 logger.log(__name__ + ": There was an exception processing decoded packet")
00293                 logger.log(ex)
00294         finally:
00295             self.lck.release()
00296                 
00297