summaryrefslogtreecommitdiffstats
path: root/features/support/helpers/firewall_helper.rb
diff options
context:
space:
mode:
Diffstat (limited to 'features/support/helpers/firewall_helper.rb')
-rw-r--r--features/support/helpers/firewall_helper.rb38
1 files changed, 22 insertions, 16 deletions
diff --git a/features/support/helpers/firewall_helper.rb b/features/support/helpers/firewall_helper.rb
index 49e9853..b608f7d 100644
--- a/features/support/helpers/firewall_helper.rb
+++ b/features/support/helpers/firewall_helper.rb
@@ -1,5 +1,10 @@
require 'packetfu'
+def looks_like_dhcp_packet?(protocol, sport, dport, ip_packet)
+ protocol == "udp" && sport == 68 && dport == 67 && ip_packet &&
+ ip_packet.ip_saddr == '0.0.0.0' && ip_packet.ip_daddr == "255.255.255.255"
+end
+
# Returns the unique edges (based on protocol, source/destination
# address/port) in the graph of all network flows.
def pcap_connections_helper(pcap_file, opts = {})
@@ -14,7 +19,10 @@ def pcap_connections_helper(pcap_file, opts = {})
end
sport = nil
dport = nil
- if PacketFu::TCPPacket.can_parse?(p)
+ if PacketFu::IPv6Packet.can_parse?(p)
+ ip_packet = PacketFu::IPv6Packet.parse(p)
+ protocol = 'ipv6'
+ elsif PacketFu::TCPPacket.can_parse?(p)
ip_packet = PacketFu::TCPPacket.parse(p)
protocol = 'tcp'
sport = ip_packet.tcp_sport
@@ -30,20 +38,12 @@ def pcap_connections_helper(pcap_file, opts = {})
elsif PacketFu::IPPacket.can_parse?(p)
ip_packet = PacketFu::IPPacket.parse(p)
protocol = 'ip'
- elsif PacketFu::IPv6Packet.can_parse?(p)
- ip_packet = PacketFu::IPv6Packet.parse(p)
- protocol = 'ipv6'
else
raise "Found something that cannot be parsed"
end
- if protocol == "udp" and
- sport == 68 and
- dport == 67 and
- ip_packet.ip_saddr == '0.0.0.0' and
- ip_packet.ip_daddr == "255.255.255.255"
- next if opts[:ignore_dhcp]
- end
+ next if looks_like_dhcp_packet?(protocol, sport, dport, ip_packet) &&
+ opts[:ignore_dhcp]
packet_info = {
mac_saddr: eth_packet.eth_saddr,
@@ -52,13 +52,19 @@ def pcap_connections_helper(pcap_file, opts = {})
sport: sport,
dport: dport,
}
- # It seems *Packet.parse can return nil despite *Packet.can_parse?
- # returning true.
- if ip_packet
+
+ begin
packet_info[:saddr] = ip_packet.ip_saddr
packet_info[:daddr] = ip_packet.ip_daddr
- else
- puts "We were hit by #11508. PacketFu bug? Packet info: #{packet_info}"
+ rescue NoMethodError, NameError
+ begin
+ packet_info[:saddr] = ip_packet.ipv6_saddr
+ packet_info[:daddr] = ip_packet.ipv6_daddr
+ rescue NoMethodError, NameError
+ puts "We were hit by #11508. PacketFu bug? Packet info: #{ip_packet}"
+ packet_info[:saddr] = nil
+ packet_info[:daddr] = nil
+ end
end
connections << packet_info
end