syslogd.py
#!/usr/bin/env python3
import sys,os
import stack.rawif
import stack.process
#sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0)
class Unbuffered(object):
    """Stream wrapper that flushes the wrapped stream after every write.

    Any attribute not defined here is looked up on the wrapped stream, so
    the wrapper can stand in for the original file object.
    """

    def __init__(self, stream):
        # Keep a reference to the real stream; all I/O is forwarded to it.
        self.stream = stream

    def write(self, data):
        """Write *data* to the wrapped stream and flush straight away."""
        target = self.stream
        target.write(data)
        target.flush()

    def writelines(self, datas):
        """Write every item of *datas* to the wrapped stream, then flush."""
        target = self.stream
        target.writelines(datas)
        target.flush()

    def __getattr__(self, attr):
        # Only reached when normal lookup fails, i.e. for everything the
        # wrapper does not define itself: delegate to the wrapped stream.
        return getattr(self.stream, attr)
# Route stdout through the flushing wrapper so each printed line is written
# out immediately instead of waiting in a buffer.
sys.stdout = Unbuffered(sys.stdout)

# Optional positional arguments, in order: IPv4 address, interface name,
# MAC address. Each falls back to a built-in default when not supplied.
alen = len(sys.argv)
myip = sys.argv[1] if alen > 1 else '10.0.0.5'
iface = sys.argv[2] if alen > 2 else "eth0"
mymac = sys.argv[3] if alen > 3 else 'aa:bb:cc:dd:ee:ff'

# Ethernet broadcast address; used by the receive loop's destination filter.
bcast = "ff:ff:ff:ff:ff:ff"

# The interface is opened with promisc=True, so frames addressed to other
# hosts are delivered as well and must be filtered by the reader.
# NOTE(review): raw, promiscuous capture normally needs root or CAP_NET_RAW;
# presumably bringupraw opens such a socket - confirm, and run this with the
# least privilege that still allows it.
raw = stack.rawif.bringupraw(iface=iface, promisc=True)

# Packet engine configured with the address pair this host answers for.
pe = stack.process.packetEngine(myipv4addr=myip, mymacaddr=mymac)
# NOTE(review): presumably turns off per-layer reporting in the returned
# info lines - confirm in stack.process.
pe.report_layers = False
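# Main receive loop: read frames, run them through the packet engine, print
# the SYSLOG report lines and send back any reply frame the engine produces.
while True:
    # Read an Ethernet frame that's been sent to this device.
    ethframe = stack.rawif.readrawethframe(raw)

    # The interface is promiscuous, so drop everything that is addressed
    # neither to our own MAC nor to the broadcast address.
    # NOTE(review): stack.eth is used here but this file never imports it;
    # presumably stack.rawif or stack.process imports it as a side effect -
    # confirm, or import it explicitly.
    if not (stack.eth.dstfilter(mymac, ethframe, asbytes=True)
            or stack.eth.dstfilter(bcast, ethframe, asbytes=True)):
        continue

    try:
        info, out = pe.processEth(ethframe)
        for i in info:
            if "SYSLOG" not in i:
                continue
            # Avoid doubling the newline when the line already ends in one.
            # The emptiness guard keeps an empty entry from raising
            # IndexError, which no handler below would catch.
            end = '' if i and i[-1] == '\n' else '\n'
            # NOTE(review): presumably this text carries content taken from
            # the received frame, i.e. it is sender-controlled. It is printed
            # unmodified, so control characters and embedded newlines reach
            # whatever reads stdout; escape non-printable characters before
            # treating the output as trustworthy log lines.
            print(i, end=end)
        if out:
            # The engine produced a reply frame; put it on the wire.
            stack.rawif.writerawethframe(raw, out)
    except stack.process.IgnorePacket:
        # The engine asked for this packet to be skipped; carry on.
        pass
    except BrokenPipeError:
        # The stdout consumer went away; leave quietly. sys.exit is used
        # because the bare exit() helper is only installed by the site module.
        sys.exit(0)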