vespa package

Submodules

vespa.aes_gcm module

class vespa.aes_gcm.AES_GCM(master_key)[source]
change_key(master_key)[source]
decrypt(init_value, ciphertext, auth_tag, auth_data='')[source]
encrypt(init_value, plaintext, auth_data='')[source]
exception vespa.aes_gcm.InvalidInputException(msg)[source]

Bases: exceptions.Exception

exception vespa.aes_gcm.InvalidTagException[source]

Bases: exceptions.Exception

vespa.aes_gcm.gf_2_128_mul(x, y)[source]

vespa.agent module

Agent representation

class vespa.agent.Agent(name, host, port, master, run=True)[source]

Bases: vespa.node.Node

vespa.agent_av module

Agent representation

class vespa.agent_av.Agent_AV(name, host, port, master, vm)[source]

Bases: vespa.agent.Agent

Create an Agent able to communicate with the ClamAV backend (needs a driver).

Returns:The Agent instance to offer the ClamAV support
Return type:Node
connect_warning()[source]

Set up the agent for interactions with the VM

dump_analyzed_file_list()[source]

Gather the list of files analyzed by the ClamAV antivirus

Returns:The list of analyzed files
Return type:list
isolate_warning(vm)[source]

Set up the agent for interactions with the hypervisor

Parameters:vm (str) – The tuple (name, host, port) describing the backend
send(msg)[source]

Overload the internal send to capture and send messages to the backend

Parameters:msg (str) – The message to process and to send
Returns:The backend response
Return type:str

vespa.agent_bandwidth module

Agent wrapper around /proc/net/dev to filter an interface's statistics. The interface eth0 is used as default.

class vespa.agent_bandwidth.Agent_Bandwidth(name, host, port, master, run=True)[source]

Bases: vespa.agent.Agent

Provide a wrapper around Linux interfaces /proc files. The Agent can extract information of specific interfaces, e.g. eth0 or lo.

Returns:The agent to grab information
Return type:Node
get_mac()[source]

Grab the MAC address of the interface defined in the class as _self.iface_

Returns:The string containing the mac address, colon separated
Return type:str
launch()[source]

Send _recv_bytes_ and _trans_bytes_ back to the master every second

vespa.agent_connections module

Counting connections as suggested in:
http://www.linuxjournal.com/content/back-dead-simple-bash-complex-ddos

SynFlood https://raw.github.com/arthurnn/SynFlood/master/synflood

class vespa.agent_connections.Agent_Connections(name, host, port, master, run=True)[source]

Bases: vespa.agent.Agent

An agent gathering network links through psutil python module or system lsof command

Returns:The wrapper
Return type:Node
launch()[source]

Return network connections to orchestrator layer every second using either psutil or lsof

vespa.agent_controller module

Agent to wrap Gandalf’s controller

class vespa.agent_controller.Agent_Controller(name, host, port, master, run=False)[source]

Bases: vespa.agent.Agent

Create an Agent to send a mac address to an OpenFlow controller

Returns:The Agent instance to offer the OpenFlow alert_ip function
Return type:Node
alert_ip(ip, mac)[source]

Block the mac address on the network

Parameters:
  • ip (str) – The IP address or domain of the controller
  • mac (str) – The mac address to block on the network
Returns:

The “Ok” string

Return type:

str

vespa.agent_controller_floodlight module

Agent to wrap Gandalf’s controller. Based on floodlight, it can be a nice start for a full API against floodlight.

class vespa.agent_controller_floodlight.Agent_Controller_Floodlight(name, host, port, master, run=False)[source]

Bases: vespa.agent_controller.Agent_Controller

Flag a mac address as suspicious and gather statistics for local links

Returns:The wrapper to the OMN controller
Return type:Node
alert_ip(ip, mac)[source]

Block a tuple (ip,mac) with SDN

Parameters:
  • IP (str) – The IP to block (for future)
  • mac (str) – The associated MAC address (needed)
Returns:

The controller response

Return type:

str

block_hackers(mac)[source]

Block a MAC address with SDN

Parameters:mac (str) – The associated MAC address
Returns:The controller response
Return type:str

Get links statistics over the floodlight controller

Parameters:cmd (str) – The floodlight URL to grab the links statistics
Returns:The controller response
Return type:str
get_topology(cmd='wm/topology/switchclusters/json')[source]

Get the current topology of the SDN network

Parameters:cmd (str) – The floodlight URL to grab the topology
Returns:The list of nodes and links detected
Return type:dict
release_hackers()[source]

Release all tuples (ip,mac) with SDN

Returns:The controller response
Return type:str
status_hackers()[source]

Get the status of a tuple (ip,mac) with SDN

Returns:The controller response
Return type:str

vespa.agent_controller_pox module

Agent to wrap the POX python SDN controller. It requires some modifications on the other side too. You can follow the mac address blocking tutorial on the POX website.

class vespa.agent_controller_pox.Agent_Controller_Pox(name, host, port, master, run=False)[source]

Bases: vespa.agent_controller.Agent_Controller

Flag a mac address as suspicious and gather statistics for local links

Returns:The wrapper to the OMN controller
Return type:Node
alert_ip(ip, mac)[source]

Block a tuple (ip,mac) with SDN

Parameters:
  • IP (str) – The IP to block (for future)
  • mac (str) – The associated MAC address (needed)
Returns:

The controller response

Return type:

str

block_hackers()[source]

Block a MAC address with SDN

Parameters:mac (str) – The associated MAC address
Returns:The controller response
Return type:str

Get links statistics over the pox controller

Parameters:cmd (str) – The POX URL to grab the links statistics
Returns:The controller response
Return type:str
get_topology(cmd='get_topology')[source]

Get the current topology of the SDN network

Parameters:cmd (str) – The POX URL to grab the topology
Returns:The list of nodes and links detected
Return type:dict
release_hackers()[source]

Release all tuples (ip,mac) with SDN

Returns:The controller response
Return type:str
status_hackers()[source]

Get the status of a tuple (ip,mac) with SDN

Returns:The controller response
Return type:str

vespa.agent_libvirt module

class vespa.agent_libvirt.Agent_Libvirt(name, host, port, master, run=True)[source]

Bases: vespa.agent.Agent

contains_vm(vm)[source]
launch()[source]
migrate(nodeName, quarantine, quarantine_user)[source]
restart(vm)[source]
restart_hard(vm)[source]
send(msg)[source]
send_key(vm, args)[source]

vespa.controller module

Controller

class vespa.controller.Controller(model, view, testmode=False)[source]

Bases: object

handler(signum, false)[source]
start()[source]
class vespa.controller.HttpServer(name, host, port, handler, c)[source]
start()[source]
stop()[source]
class vespa.controller.HttpServerHandler(request, client_address, server)[source]

Bases: BaseHTTPServer.BaseHTTPRequestHandler

do_GET()[source]
log_message(format, *args)[source]
class vespa.controller.MyHTTPServer(server_address, RequestHandlerClass, handler, control)[source]

Bases: BaseHTTPServer.HTTPServer

This class is necessary to allow passing a custom request handler into the RequestHandlerClass

vespa.controller.server_handler(c, request)[source]

vespa.ho module

Horizontal orchestrator

class vespa.ho.HO(name, host, port, master, run=True)[source]

Bases: vespa.node.Node

findAgent(name)[source]

vespa.ho_hy module

Horizontal orchestrator

class vespa.ho_hy.HO_HY(name, host, port, master, run=True)[source]

Bases: vespa.ho.HO

Create a horizontal orchestrator to handle agents at the hypervisor level.

Returns:The HO to gather and react on hypervisor agents.
Return type:Node
ninjaMethod()[source]

Empty function for tests

send(msg)[source]

Overload the internal send() to capture and send messages to the backend

Parameters:msg (str) – The message to process and to send
Returns:The backend response
Return type:str

vespa.ho_ph module

Horizontal orchestrator

class vespa.ho_ph.HO_PH(name, host, port, master, run=True)[source]

Bases: vespa.ho.HO

Create a horizontal orchestrator to handle agents at the physical level.

Returns:The HO to gather and react on physical agents.
Return type:Node
ninjaMethod()[source]

Empty function for tests

send(msg)[source]

Overload the internal send() to capture and send messages to the backend

Parameters:msg (str) – The message to process and to send
Returns:The backend response
Return type:str

vespa.ho_vm module

Horizontal orchestrator

class vespa.ho_vm.HO_VM(name, host, port, master, run=True)[source]

Bases: vespa.ho.HO

Create a horizontal orchestrator to handle agents at the VM level.

Returns:The Horizontal Orchestrator to gather and react on VM agents.
Return type:Node
ninjaMethod()[source]

Empty function for tests

send(msg)[source]

Overload the internal send() to capture and send messages to the backend

Parameters:msg (str) – The message to process and to send
Returns:The backend response
Return type:str

vespa.log_pipe module

log_pipe

class vespa.log_pipe.bcolors[source]

Bases: object

ENDC = '\x1b[0m'
FAIL = '\x1b[91m'
HEADER = '\x1b[95m'
OKBLUE = '\x1b[94m'
OKGREEN = '\x1b[92m'
WARNING = '\x1b[93m'
disable()[source]
vespa.log_pipe.debug1(str)[source]
vespa.log_pipe.debug2(str)[source]
vespa.log_pipe.debug4(str)[source]
vespa.log_pipe.debug5(str)[source]
vespa.log_pipe.debug_comm(str)[source]
vespa.log_pipe.debug_comm_detail(str)[source]

Display extended communications information - how sendRemote splits RECV_LENGTH

Notes: offloaded to prevent screen flooding

vespa.log_pipe.debug_comm_len(s)[source]

Display maximum sized information

Notes: offloaded to prevent screen flooding

vespa.log_pipe.debug_controller(str)[source]
vespa.log_pipe.debug_crypto(str)[source]
vespa.log_pipe.debug_info(str)[source]
vespa.log_pipe.debug_init(str)[source]
vespa.log_pipe.debug_thread(str)[source]

vespa.model module

Model

class vespa.model.Model[source]

Bases: vespa.node.Node

create_object_instance(config, obj, master)[source]
findNode(name)[source]

Return a tuple if the node “name” is found, raise an Exception otherwise. TODO: Refactor (3x)

find_vo(config)[source]

Return VO object from config file

One and only one VO

sendRemoteWake(remote, msg)[source]

Force sending content to a remote host. Loop until it is done

vespa.node module

Most basic inherited class for a simple Node

Default config without backend

PThread is used as a Profiler wrapper

If you do not need profiling you may replace the PThread class with:
class Node(Thread):

INTERNALS:

class vespa.node.Node(name, host, port, master, run=True)[source]

Bases: vespa.node.PThread

run()[source]
class vespa.node.PThread(name, host, port, master, run=True)[source]

Bases: threading.Thread

desc()[source]

Return the tuple representing a node

destroy()[source]

Destroy all slaves

findNode(name)[source]
get_backend()[source]

Return the backend registered on initialization (i.e. Resource)

launch()[source]
list_slaves()[source]

Return self.slaves

listen_interface(host)[source]
register(name, host, port)[source]
register_alert_handler(handler)[source]
run()[source]

Thread listening on the node port. It creates a worker thread for each accepted socket.

It SHOULD NOT accept multiple hosts, but is ready for it.

send(msg)[source]

Provide an entry to current node functions.

sendAlert(msg)[source]

Wrapper for sendRemote with alert formatting.

See “sendRemote” for arguments description and returns

sendRemote(remote, msg, needack=True)[source]

Send a message to a node (remote) using the node.desc() string. This function deals with sockets directly.

Default behavior is to wait for data as acknowledgement (needack). It is only modified for messages needing fast delivery and processing such as alerts.

sendRemotef(remote, msg)[source]

Wrapper for sendRemote with needack=False

See “sendRemote” for arguments description and returns

sendSocket(s, remote, msg)[source]

Handle the socket (s.send) message and encryption routines.

wait_backend(max_tries=0)[source]

Ping node backend and return when backend is up.

WARNING: Does not timeout if max_tries = 0

worker(conn)[source]

Handle socket reception job.

class vespa.node.ThreadWorker(group=None, target=None, name=None, args=(), kwargs=None, verbose=None)[source]

Bases: threading.Thread

run()[source]

vespa.starter module

Starter

vespa.view module

class vespa.view.View(model)[source]

Bases: object

vespa.vo module

Vertical orchestrator

class vespa.vo.VO(name, host, port, master, run=True)[source]

Bases: vespa.node.Node

Create a Vertical Orchestrator to interconnect all other components. It may be requested by an external controller. All incoming communications go through the alert() method, and are parsed there.

Returns:The VO instance
Return type:Node
alert(msg)[source]

This is the most important function of the whole framework. The format is alert|source>...>source>message. The message is also split in the following format function#arg1#...#argN. The two formats are used to create a Finite State Machine, each alert being a state transition.

Parameters:msg (str) – The message to process with the current format
get_alerts()[source]
get_ip_connections()[source]
get_next_recv_bytes()[source]
get_next_trans_bytes()[source]
get_recv_bytes()[source]
get_topology()[source]
get_trans_bytes()[source]
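
The alert format described for alert() above, parsed strictly before any state transition is taken. This is an added Python 3 example, not code from the vespa project: parse_alert, Alert, AlertFormatError, the allowlist, the length bound and the source names in SAMPLE are assumptions of the example.

```python
from collections import namedtuple

# Parsed form of "alert|source>...>source>function#arg1#...#argN".
Alert = namedtuple("Alert", "sources function args")


class AlertFormatError(ValueError):
    """Raised when a message does not match the documented alert format."""


def parse_alert(raw, allowed_functions=None, max_len=4096):
    """Split an alert string into its relay path, function name and arguments.

    allowed_functions and max_len are assumptions of this example: an
    allowlist of transition names and a size bound checked up front.
    """
    if len(raw) > max_len:
        raise AlertFormatError("message too long")
    kind, sep, rest = raw.partition("|")
    if sep != "|" or kind != "alert":
        raise AlertFormatError("missing 'alert|' prefix")
    # The format has no escaping, so a '>' inside an argument cannot be told
    # apart from a source separator. This parser takes the text after the
    # last '>' as the message and everything before it as the relay path.
    path, sep, message = rest.rpartition(">")
    if sep != ">":
        raise AlertFormatError("no source in path")
    sources = path.split(">")
    if any(not s for s in sources):
        raise AlertFormatError("empty source name")
    function, *args = message.split("#")
    if not function:
        raise AlertFormatError("empty function name")
    if allowed_functions is not None and function not in allowed_functions:
        raise AlertFormatError("function not allowed: %r" % function)
    return Alert(tuple(sources), function, tuple(args))


# Constructed sample: two relaying nodes (hypothetical names), then alert_ip.
SAMPLE = "alert|agent_bw>ho_ph>alert_ip#10.0.0.5#00:11:22:33:44:55"

if __name__ == "__main__":
    print(parse_alert(SAMPLE, allowed_functions={"alert_ip"}))
```

Rejecting unknown function names at parse time keeps a malformed or unexpected alert from driving the state machine into a transition it does not define.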
