Snort Simulator
by Kamal Ahmed
Sep 30 2004 3:46AM
This is a multi-part message in MIME format.
------=_NextPart_000_0000_01C4A67E.86950620
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hi List,
I have the following Perl script that generates CheckPoint alerts, and I
want to adapt it so that it generates all types of Snort alerts. Can
someone point me in the right direction? I am a beginner in Perl, and you
are the experts.
Thanks in advance,
-Kamal.
#!/usr/bin/perl -w
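## Directory for the run log.  The log is created later in this script as
## "$TMPDIR/perl_<pid>.log"; /tmp is shared between users and that name is
## predictable, so the open of that file has to refuse pre-existing entries.
my $TMPDIR = "/tmp";
use Socket;

## Command line, as parsed below:
##   [-socket HOST PORT] [RATE [COUNT]]
## RATE defaults to 50 and COUNT to 0; the main loop treats COUNT == 0 as
## "run until killed".
my $nextArg = shift;
my ($host, $port, $targetRate);
## Guard against an empty command line: comparing undef with eq only
## produces a warning under -w, but the intent is clearer this way.
if (defined $nextArg && $nextArg eq "-socket") {
    $host = shift;
    $port = shift;
    $targetRate = shift;
} else {
    $targetRate = $nextArg;
}

## Error injection: rates are in # / 100000
my $errRateBase = 100000;
my $ipErrorRate = 200;
my $actionErrRate = 100;
my $portErrRate = 100;
my $dateErrRate = 200;

$targetRate = 50 if ! defined $targetRate;
my $count = shift;
$count = 0 if ! defined $count;
my $rate = $targetRate;
my $recNum = intRand(675) * 10000;
my $rateCheck = 0;
## Do not have more than $maxRatio * $rate in any bucket.
## (The posted copy wrapped the tail of this comment onto its own line,
## which left a bare word in the code and broke compilation.)
my $maxRatio = 1.9;
my $maxPerSec = int($rate * $maxRatio);
my $SPREAD = 20;
my $BUCKETS = $SPREAD + 5;

## NOTE(review): @str1, $index1 and $starttime are not referenced anywhere
## else in the posted script; kept as-is in case other code relies on them.
my @str1 = ('udp', 'tcp', 'icmp');
## NOTE(review): 'Sept' is four letters while every other month is three;
## confirm whether the consumer of these records expects that.
my @months = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug',
              'Sept', 'Oct', 'Nov', 'Dec');

## Field order of one generated record; event() emits exactly these keys.
my @columns = (
    'LogFileID',
    'LogRecNum',
    'time',
    'action',
    'orig',
    'i/f_dir',
    'i/f_name',
    'proto',
    'src',
    'dst',
    'service',
    's_port',
    'len',
    'rule',
    'has_accounting',
);
my $index1 = int(rand() * 1000000);
my $starttime = time;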
## Render one record as a single line of space-separated key="value" pairs,
## in the order given by @columns.  Keys missing from the hash are emitted
## with an empty value.  Values are inserted verbatim: nothing is escaped,
## so whatever the generator put into a field reaches the consumer as-is.
sub event {
    my ($record) = @_;
    my %field_of = %$record;
    my @pairs;
    for my $column (@columns) {
        my $value = defined $field_of{$column} ? $field_of{$column} : "";
        push @pairs, $column . '="' . $value . '"';
    }
    ## The original accumulator stays undefined when @columns is empty.
    return @pairs ? join(" ", @pairs) : undef;
}
## Return a pseudo-random integer obtained by truncating rand() * $range,
## i.e. a value in 0 .. $range-1 for a positive integer $range.
## rand() is not a cryptographic source; it is used here only to vary
## generated test data.
sub intRand {
    my ($range) = @_;
    my $scaled = rand() * $range;
    return int $scaled;
}
## Decide whether the caller should inject a malformed value.
## Draws an integer below $errRateBase and reports true when it is below
## $errRate, so $errRate is a rate "per $errRateBase records".
sub needError {
    my ($errRate) = @_;
    my $draw = intRand($errRateBase);
    return $draw < $errRate;
}
## Return one deliberately malformed field value for error injection.
## The candidates carry quote, pipe, brace, paren and backtick characters,
## a control byte (chr(3)) and a high byte (chr(203)) -- the kind of input
## a log parser's field validation should reject or neutralise.
## Each candidate is tried in order with an independent 3-in-20 draw; the
## last string is the fallback when none is selected.  "ba}|S{tr" appears
## twice in the original list and is kept twice so the odds do not change.
sub badString {
    my @candidates = (
        "bad'Str",
        "bad|S{tr",
        "ba}|S{tr",
        "ba}|S{tr",
        "ba}(S{tr",
        "ba`S{tr",
        "bacS{tr" . chr(3),
        "bacS{tr" . chr(203),
        chr(203) . "str" . chr(203),
    );
    for my $candidate (@candidates) {
        return $candidate if (intRand(20) < 3);
    }
    return "a|b|'|c|d'::d{d}dd[f]s[]";
}
## Build a dotted-quad style source address from an integer.
## The number is split into four base-100 "octets" (least significant
## first), each zero-padded to two digits, and printed most significant
## first.  At the rate set by $ipErrorRate a malformed address is returned
## instead (missing octet, wrong separators, or free text) so that the
## consumer's address validation gets exercised.
sub getIp {
    my ($seed) = @_;
    my @octet;
    foreach my $pos (0 .. 3) {
        my $part = $seed % 100;
        $part = "0" . $part if (int($part) < 10);
        $octet[$pos] = $part;
        $seed = int($seed / 100);
    }

    ## Normal case: well-formed address.
    return join(".", reverse @octet) unless needError($ipErrorRate);

    ## Error injection: each variant is tried in turn with a 5-in-10 draw.
    return $octet[3] . "." . $octet[2] . ".." . $octet[0]
        if (intRand(10) < 5);
    return join(":", reverse @octet)
        if (intRand(10) < 5);
    return $octet[3] . "'" . $octet[2] . "|" . $octet[1] . "''" . $octet[0]
        if (intRand(10) < 5);
    return "This is a test";
}
## Write one record followed by a newline to the currently selected output
## handle (no explicit handle is named, so select() decides where it goes).
sub sendToStdout {
    my ($msg) = @_;
    return print $msg, "\n";
}
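## Open a TCP listener on $lport, wait for one client, and make the
## accepted connection (SOCKET) the selected, unbuffered output handle.
##
## Parameters: $hostname (only echoed in the start-up message) and $lport
## (the TCP port to listen on).
## Dies on any socket-call failure or on an invalid port.
##
## Changes from the posted version:
##  - the "if (0)" branch was unreachable and has been dropped;
##  - die messages that the mail wrapped across two lines are back on one;
##  - status text is written with print, so a '%' in the host argument is
##    never interpreted as a printf conversion;
##  - the port is validated and the result of accept() is checked;
##  - the listening socket is closed once the single client is attached.
sub initSocket {
    my ($hostname, $lport) = @_;

    die "initSocket: port must be an integer in 1..65535\n"
        unless defined $lport
            && $lport =~ /\A\d+\z/
            && $lport >= 1
            && $lport <= 65535;

    print "Init socket " . (defined $hostname ? $hostname : '') . " -- $lport\n";

    my $proto = getprotobyname('tcp');
    socket(Server, PF_INET, SOCK_STREAM, $proto) || die "socket: $!";
    setsockopt(Server, SOL_SOCKET, SO_REUSEADDR, pack("l", 1))
        || die "setsockopt: $!";

    ## NOTE(review): the listener binds INADDR_ANY, i.e. every local
    ## interface, and $hostname is not used to restrict it.  The first host
    ## that connects receives the whole event stream without any
    ## authentication -- run this only on a network where that is
    ## acceptable, or bind a specific local address instead.
    bind(Server, sockaddr_in($lport, INADDR_ANY)) || die "bind: $!";
    print "Listening\n";
    listen(Server, SOMAXCONN) || die "listen: $!";
    print "Accepting\n";

    ## accept() returns false on failure; without this check the failure
    ## would only surface as an error inside sockaddr_in().
    my $paddr = accept(SOCKET, Server) || die "accept: $!";

    ## Only one consumer is served, so stop accepting further connections.
    close(Server);

    my ($peerPort, $iaddr) = sockaddr_in($paddr);
    my $name = gethostbyaddr($iaddr, AF_INET);
    ## Reverse lookup can fail; fall back to the numeric address.
    $name = inet_ntoa($iaddr) unless defined $name;
    print "connection from $name [" . inet_ntoa($iaddr) . "] at port $lport\n";

    ## From here on, unqualified print/printf calls write to the client.
    select(SOCKET);
    $| = 1;
}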
## Write one record followed by a newline to the accepted client
## connection (the SOCKET handle opened by initSocket).
sub sendToSocket {
    my ($msg) = @_;
    ## A debugging echo to STDOUT was left commented out in the original:
    ## printf STDOUT "%s\n", $msg;
    return print {*SOCKET} $msg . "\n";
}
## Deliver one record: to the client socket when the script was started
## with -socket (so $host is defined), otherwise to standard output.
sub sendEvent {
    my ($msg) = @_;
    return sendToSocket($msg) if (defined $host);
    return sendToStdout($msg);
}
## Produce the record's date field as <day><Mon><year>, with the day
## right-aligned in two columns (for example " 5Jan1999").  Year is drawn
## from 1997..2001, day from 1..28.  At the rate set by $dateErrRate a
## malformed date is returned instead, to exercise the consumer's date
## parsing.
sub getDateStr {
    my $year  = 1997 + intRand(5);
    my $month = $months[intRand(12)];
    my $day   = intRand(28) + 1;

    my $wellFormed = sprintf("%2d%s%s", $day, $month, $year);
    return $wellFormed unless needError($dateErrRate);

    ## Error injection: either a different layout altogether, or a
    ## single-digit value (possibly 0) in place of the padded day.
    return "Sunday Jan 15, 14:01" if (intRand(20) < 5);
    return intRand(10) . $month . $year;
}
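## Generate one record and return it as a key="value" line (see event()).
##
## Parameter: $index -- record counter; only used to derive the source
## address via getIp().
##
## Most fields are random picks from small fixed sets.  The action, source
## address, date and source port are occasionally replaced by malformed
## values (rates: $actionErrRate, $ipErrorRate, $dateErrRate, $portErrRate)
## so that the receiving parser's validation is exercised.
##
## Changes from the posted version: the unused local $num and the first
## assignment to 'action' (immediately overwritten by the pick from
## @action) were removed.  Both only consumed a random draw; the emitted
## fields and their distributions are unchanged.
sub genOne {
    my $index = shift;
    my %data;

    ## 'name' is not listed in @columns, so event() does not emit it.
    $data{'name'} = "test";

    $data{'LogFileID'} = '1044611703';
    $data{'LogRecNum'} = $recNum++;
    $data{'time'} = getDateStr();

    my @action = qw/
        accept      drop    allow        authcrypt
        authorize   ctl     deauthorize  decrypt
        encrypt     keyinst reject
    /;
    $data{'action'} = $action[intRand(scalar @action)];
    if (needError($actionErrRate)) {
        ## Malformed actions: unknown verb, padded, spaced out, embedded
        ## quote, or one of the badString() values.
        if (intRand(20) < 3) {
            $data{'action'} = 'deny';
        } elsif (intRand(20) < 5) {
            $data{'action'} = ' accept ';
        } elsif (intRand(20) < 5) {
            $data{'action'} = 'a c c e p t';
        } elsif (intRand(20) < 5) {
            $data{'action'} = 'acc\'eptdeny';
        } else {
            $data{'action'} = badString();
        }
    }

    $data{'orig'} = 'bedm-edn-650-pri';
    $data{'i/f_dir'} = (intRand(6) < 4) ? 'inbound' : 'outbound';
    $data{'i/f_name'} = "eth-s" . intRand(3) . 'p' . intRand(3) . 'c' .
        intRand(4);
    $data{'proto'} = intRand(3) < 2 ? 'udp' : 'tcp';
    $data{'src'} = getIp($index);
    $data{'dst'} = "172.16.0.65";
    $data{'service'} = 21;
    #$data{'service'} = intRand(2) + 10;

    $data{'s_port'} = intRand(2);
    if (needError($portErrRate)) {
        ## Malformed ports: a number far above 65535, or a non-numeric
        ## badString() value.
        if (intRand(20) < 5) {
            $data{'s_port'} += 1000000;
        } else {
            $data{'s_port'} = badString();
        }
    }

    $data{'len'} = intRand(44);
    $data{'rule'} = intRand(20);
    $data{'has_accounting'} = 0;

    return event(\%data);
}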
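use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

## Per-second event counters, used as a ring of $BUCKETS slots indexed by
## epoch second modulo $BUCKETS.
my @totals;

## Run log.  The name is predictable (PID-based) and lives in a shared
## directory, so a plain "> file" open would follow a symlink that someone
## else created at this path and truncate its target.  Remove any stale
## entry (unlink removes a link itself, never its target) and then create
## the file with O_EXCL, which fails rather than opening anything that
## already exists.  Mode 0600 keeps the log private to the invoking user.
my $logFile = "$TMPDIR/perl_$$.log";
unlink $logFile;
sysopen(LOG, $logFile, O_WRONLY | O_CREAT | O_EXCL, 0600)
    or die ("cannot open logfile $logFile: $!");
select(LOG);
$| = 1;
select(STDOUT);
$| = 1;

initSocket($host, $port) if (defined $host);

## A sample record is logged roughly once a minute of output.  int() can
## yield 0 for a very small or non-numeric rate, which would make the
## modulus below fatal; fall back to logging every record in that case.
my $logEvery = int($rate * 60) || 1;

## $count == 0 means "run until killed".
for (my $i = 0; $i < $count or $count == 0; $i++) {
    my $time = time();
    my $timeIdx = $time % $BUCKETS;
    $totals[$timeIdx]++;
    ## Clear the slots for the next two seconds so stale counts from the
    ## previous trip round the ring are not reused.
    $totals[($time + 1) % $BUCKETS] = 0;
    $totals[($time + 2) % $BUCKETS] = 0;

    ## Sum the last $SPREAD seconds; $num counts the slots that have data.
    my $spreadSecTotal = 0;
    my @spreads = ();
    my $num = 0;
    for (my $j = 0; $j < $SPREAD; $j++) {
        my $idx = ($time - $j) % $BUCKETS;
        if (defined $totals[$idx]) {
            $spreadSecTotal += $totals[$idx];
            $spreads[$j] = $totals[$idx];
            $num++;
        } else {
            $spreads[$j] = 0;
        }
    }
    my $lastOne = $spreads[0];
    my $lastTwo = $spreads[1] + $lastOne;

    ## The posted copy showed ">=" as "> =" and wrapped the trailing
    ## comments onto their own lines; both are repaired here.
    my $needsToSleep = 0;
    $needsToSleep = 1 if ($spreadSecTotal >= $num * $rate);  ## There are enough
    $needsToSleep = 1 if ($lastOne >= $maxPerSec);           ## Not too spikey
    $needsToSleep = 1 if ($lastTwo >= ($maxPerSec + $rate));

    if ($needsToSleep) {
        ## Occasionally skip a second
        my $sleepTime = 1 + (intRand(20) > 18 ? 1 : 0);
        sleep $sleepTime;
        if ($rateCheck) {
            for (my $k = 0; $k < $SPREAD; $k++) {
                my $idx = ($time - $k) % $BUCKETS;
                if (defined $totals[$idx]) {
                    printf("%d - ", $totals[$idx]);
                }
            }
            printf("%.2f/sec\n", $spreadSecTotal / $num);
        }
    }

    my $event = genOne($i);

    ## print, not printf: the record text is data and must never be used
    ## as a format string (a '%' in a field would be read as a conversion).
    if ($i % $logEvery == 0) {
        print LOG "$i @ $time -- $event\n";
    }

    ## Report the rates every once in a while
    if ($timeIdx == 0 and $totals[$timeIdx] == 1) {
        print LOG "$time: ";
        for (my $k = 0; $k < $SPREAD; $k++) {
            my $idx = ($time - $k) % $BUCKETS;
            if (defined $totals[$idx]) {
                printf LOG ("%d - ", $totals[$idx]);
            }
        }
        printf LOG ("%.2f/sec\n", $spreadSecTotal / $num);
    }

    sendEvent($event) if (!$rateCheck);
}

## Only reached when a finite COUNT was given; surfaces buffered write
## errors on the log.
close(LOG) or warn "close $logFile: $!";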
------=_NextPart_000_0000_01C4A67E.86950620
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML> <HEAD>
<META content=3D"text/html; charset=3Dus-ascii" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3502.5390" name=3DGENERATOR>
<STYLE> @font-face {
font-family: Tahoma;
}
P.MsoNormal {
FONT-FAMILY: "Times New Roman"; FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt
}
LI.MsoNormal {
FONT-FAMILY: "Times New Roman"; FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt
}
DIV.MsoNormal {
FONT-FAMILY: "Times New Roman"; FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.emailstyle17 {
COLOR: windowtext; FONT-FAMILY: Arial
}
SPAN.EmailStyle18 {
COLOR: navy; FONT-FAMILY: Arial
}
DIV.Section1 {
page: Section1
}
</STYLE>
</HEAD>
<BODY lang=3DEN-US link=3Dblue vLink=3Dpurple>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> Hi=20
List,</SPAN> </FONT></DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> </SPAN></FONT> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> I have=20
the following perl script that generates CheckPoint Alerts, and I want =
to=20
transform it so it will generate ALL Types of Snort Alerts. Can someone =
guide me=20
in the right direction ? I am a beginner in perl, and you are the=20
experts.</SPAN> </FONT></DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> </SPAN></FONT> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> Thanks=20
in advance,</SPAN> </FONT></DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> </SPAN></FONT> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> -Kamal.</SPAN></FONT></DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> </SPAN></FONT> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> #!/usr/bin/perl -w</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> my=20
$TMPDIR =3D "/tmp";</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> use=20
Socket;</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> my=20
$nextArg =3D shift;<BR> my ($host, $port, $targetRate);<BR>if ($nextArg =
eq=20
"-socket") {<BR> $host =3D =
shift;<BR> $port =3D=20
shift;<BR> $targetRate =3D shift;<BR>} else=20
{<BR> $targetRate =3D =
$nextArg;<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> ##=20
Error injection: rates are in # / 100000<BR> my $errRateBase =3D =
100000;<BR> my=20
$ipErrorRate =3D 200;<BR> my $actionErrRate =3D 100;<BR>my $portErrRate =
=3D 100;<BR> my=20
$dateErrRate =3D 200;</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> $targetRate =3D 50 if ! defined =
$targetRate;<BR> my $count=20
=3D shift;<BR> $count =3D 0 if ! defined $count;</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> my=20
$rate =3D $targetRate;</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> my=20
$recNum =3D intRand(675) * 10000;<BR> my $rateCheck =3D 0;<BR>my =
$maxRatio =3D=20
1.9; ## Do not have more than $maxRatio * $rate in any =
bucket<BR> my=20
$maxPerSec =3D int($rate * $maxRatio);</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> my=20
$SPREAD =3D 20;<BR> my $BUCKETS =3D $SPREAD + 5;</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> my=20
@str1 =3D ('udp', 'tcp', 'icmp');<BR> my @months =3D ('Jan', 'Feb', =
'Mar', 'Apr',=20
'May', 'Jun', 'Jul', 'Aug',<BR> 'Sept', 'Oct', 'Nov', =
'Dec');</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> my=20
@columns =3D=20
(<BR> &n=
bsp; =20
'LogFileID',<BR> &nb=
sp; =20
'LogRecNum',<BR> &nb=
sp; =20
'time',<BR> &n=
bsp; =20
'action',<BR> =
=20
'orig',<BR> &n=
bsp; =20
'i/f_dir',<BR>  =
; =20
'i/f_name',<BR> &nbs=
p; =20
'proto',<BR> &=
nbsp; =20
'src',<BR> &nb=
sp; =20
'dst',<BR> &nb=
sp; =20
'service',<BR>  =
; =20
's_port',<BR> =
=20
'len',<BR> &nb=
sp; =20
'rule',<BR> &n=
bsp; =20
'has_accounting',<BR> );</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> my=20
$index1 =3D int(rand() * 1000000);<BR> my $starttime =3D =
time;</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
event {<BR> my $ref =3D shift;<BR> =
my %data =3D=20
%$ref;<BR> my $res;<BR> foreach my =
$key=20
(@columns) {<BR> my $val =3D=20
$data{$key};<BR> $val =3D "" =
if (!=20
defined $val);<BR> $res .=3D " =
" if=20
defined ($res);<BR> $res .=3D=20
"$key=3D\"$val\"";<BR> }<BR> return=20
$res;<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
intRand {<BR> my $range =3D =
shift;<BR> return=20
int(rand() * $range);<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
needError {<BR> my $errRate =3D =
shift;<BR> =20
return intRand($errRateBase) < $errRate;<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
badString {<BR> return "bad'Str" if (intRand(20) <=20
3);<BR> return "bad|S{tr" if (intRand(20) <=20
3);<BR> return "ba}|S{tr" if (intRand(20) <=20
3);<BR> return "ba}|S{tr" if (intRand(20) <=20
3);<BR> return "ba}(S{tr" if (intRand(20) <=20
3);<BR> return "ba`S{tr" if (intRand(20) <=20
3);<BR> return "bacS{tr" . chr(3) if (intRand(20) < =
3);<BR> return "bacS{tr" . chr(203) if (intRand(20) =
<=20
3);<BR> return chr(203) . "str" . chr(203) if =
(intRand(20)=20
< 3);<BR> return=20
"a|b|'|c|d'::d{d}dd[f]s[]";<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
getIp {<BR> my $num =3D shift;<BR> =
my=20
@a;<BR> for (my $i=3D0; $i<4; $i++)=20
{<BR> $a[$i] =3D $num %=20
100;<BR> $a[$i] =3D "0" . =
$a[$i] if=20
(int($a[$i]) < 10);<BR> =
$num =3D=20
int($num / 100);<BR> }<BR> if=20
(needError($ipErrorRate)) {<BR> return "$a[3].$a[2]..$a[0]" if =
(intRand(10)=20
< 5);<BR> return "$a[3]:$a[2]:$a[1]:$a[0]" if (intRand(10) <=20
5);<BR> return "$a[3]'$a[2]|$a[1]''$a[0]" if (intRand(10) <=20
5);<BR> return "This is a test";<BR> } else=20
{<BR> return "$a[3].$a[2].$a[1].$a[0]";<BR> =20
}<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
sendToStdout {<BR> my $msg =3D =
shift;<BR> =20
printf "%s\n", $msg;<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
initSocket {<BR> printf "Init socket $host --=20
$port\n";<BR> my $hostname =3D =
shift;<BR> my=20
$lport =3D shift;<BR> my ($a1, $a2, $prototype) =3D =
getprotobyname=20
("tcp"); <BR> if (0)=20
{<BR> my ($b1, $b2, $b3, $b4,=20
$rawserver) =3D gethostbyname ($hostname);=20
<BR> my $serveraddr =3D pack =
("Sna4x8",=20
2, $lport, $rawserver); <BR> =
socket=20
(SSOCKET, 2, 1, $prototype) || die ("No socket ($prototype) $!");=20
<BR> printf=20
"Binding\n";<BR> bind =
(SSOCKET,=20
$serveraddr) || die ("Can't bind");=20
<BR> printf=20
"Listening\n";<BR> listen =
(SSOCKET, 1)=20
|| die ("Can't listen"); <BR> =
printf=20
"Accepting\n";<BR> (my =
$clientaddr =3D=20
accept (SOCKET, SSOCKET)) || die ("Can't accept: $!");=20
<BR> printf=20
"Selecting\n";<BR> select =
(SOCKET);=20
<BR> $| =3D 1; =
<BR> }=20
else {<BR> my $proto =3D=20
getprotobyname('tcp');</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> =20
socket(Server, PF_INET, SOCK_STREAM,=20
$proto) || die "socket:=20
$!";<BR> setsockopt(Server,=20
SOL_SOCKET,=20
SO_REUSEADDR,<BR> &n=
bsp; &nb=
sp; &nbs=
p; =20
pack("l", 1)) || die "setsockopt:=20
$!";<BR> bind(Server,=20
sockaddr_in($lport, =
INADDR_ANY)) ||=20
die "bind: $!";<BR> printf=20
"Listening\n";<BR> =20
listen(Server,SOMAXCONN) &=
nbsp; &n=
bsp; =20
|| die "listen: $!";<BR> =
printf=20
"Accepting\n";<BR> my $paddr =
=3D=20
accept(SOCKET,Server);<BR> =20
my($port,$iaddr) =3D=20
sockaddr_in($paddr);<BR> my =
$name =3D=20
gethostbyaddr($iaddr,AF_INET);</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> =
printf=20
"%s\n", "connection from $name [" .=20
<BR> &nb=
sp; =20
inet_ntoa($iaddr) . "] at port $lport";</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> =20
select(SOCKET);<BR> $| =3D=20
1;<BR> }<BR>}</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
sendToSocket {<BR> my $msg =3D =
shift;<BR> =20
print SOCKET ("$msg\n");<BR> ## printf STDOUT "%s\n",=20
$msg;<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
sendEvent {<BR> my $msg =3D =
shift;<BR> if=20
(defined $host) {<BR> sendToSocket($msg);<BR> } =
else=20
{<BR> sendToStdout($msg);<BR> =
}<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
getDateStr {<BR> my $year =3D 1997 +=20
intRand(5);<BR> my $mon =3D =20
intRand(12);<BR> my $day =3D intRand(28) +=20
1;</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> my $date =3D =
"";<BR> =20
$date .=3D " " if (int($day) < 10);<BR> $date .=3D=20
$day;<BR> $date .=3D $months[$mon] .=20
$year;<BR> if (needError($dateErrRate))=20
{<BR> return "Sunday Jan 15, 14:01" if (intRand(20) <=20
5);<BR> return intRand(10) . $months[$mon] .=20
$year;<BR> }<BR> return=20
$date;<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> sub=20
genOne {<BR> my $index =3D shift;</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> my =
%data;<BR> =20
$data{'name'} =3D "test";</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> my $num =3D int(rand() *=20
100);<BR> my $date =3D =
getDateStr();</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> $data{'LogFileID'} =3D=20
'1044611703';<BR> $data{'LogRecNum'} =3D=20
$recNum++;<BR> $data{'time'} =3D =
"$date";<BR> =20
$data{'action'} =3D (intRand(12) < 11) ? 'accept' : 'drop';<BR> my =
@action =3D=20
qw/<BR> accept =
drop =20
allow authcrypt =
<BR> =20
authorize ctl deauthorize decrypt =
<BR> =20
encrypt keyinst reject<BR> /;</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> =20
$data{action} =3D $action[intRand(scalar @action)];</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> if =
(needError($actionErrRate))=20
{<BR> if (intRand(20) < 3) {<BR> =
$data{'action'}=20
=3D 'deny';<BR> } elsif (intRand(20) < 5) =
{<BR> =20
$data{'action'} =3D ' accept ';<BR> } elsif (intRand(20) < 5)=20
{<BR> $data{'action'} =3D 'a c c e p =
t';<BR> } elsif=20
(intRand(20) < 5) {<BR> $data{'action'} =3D=20
'acc\'eptdeny';<BR> } else {<BR> =
$data{'action'} =3D=20
badString();<BR> }<BR> }<BR> =20
$data{'orig'} =3D 'bedm-edn-650-pri';<BR> =
$data{'i/f_dir'} =3D=20
(intRand(6) < 4) ? 'inbound' : 'outbound';<BR> =20
$data{'i/f_name'} =3D "eth-s" . intRand(3) . 'p' . intRand(3) . 'c' .=20
intRand(4);<BR> $data{'proto'} =3D intRand(3) < 2 ? =
'udp' :=20
'tcp';<BR> $data{'src'} =3D =
getIp($index);<BR> =20
$data{'dst'} =3D "172.16.0.65";<BR> $data{'service'} =
=3D=20
21;<BR> #$data{'service'} =3D intRand(2) +=20
10;<BR> $data{'s_port'} =3D =
intRand(2);<BR> if=20
(needError($portErrRate)) {<BR> if (intRand(20) < 5)=20
{<BR> $data{'s_port'} +=3D 1000000;<BR> } =
else=20
{<BR> $data{'s_port'} =3D=20
badString();<BR> }<BR> }<BR> =20
$data{'len'} =3D intRand(44);<BR> $data{'rule'} =3D=20
intRand(20);<BR> $data{'has_accounting'} =3D=20
0;</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> my $event =3D=20
event(\%data);<BR> return =
$event;<BR> }</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> my=20
$logFile =3D "$TMPDIR/perl_$$.log";<BR> open (LOG, "> $logFile") or =
die ("cannot=20
open logfile $logFile");<BR> select(LOG);<BR>$| =3D =
1;<BR> select(STDOUT);<BR>$| =3D=20
1;</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> initSocket($host, $port) if (defined=20
$host);</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D168264303-30092004> for=20
(my $i=3D0; $i<$count or $count =3D=3D 0; $i++) =
{<BR> my $time =3D=20
time();<BR> my $timeIdx =3D $time %=20
$BUCKETS;<BR> =
$totals[$timeIdx]++;<BR> =20
$totals[($time+1) % $BUCKETS] =3D 0;<BR> =
$totals[($time+2) %=20
$BUCKETS] =3D 0;<BR> my $spreadSecTotal =3D=20
0;<BR> my @spreads =3D ();<BR> my =
$num =3D=20
0;<BR> for (my $j=3D0; $j<$SPREAD; $j++)=20
{<BR> my $idx =3D ($time - $j) =
%=20
$BUCKETS;<BR> if (defined=20
$totals[$idx]) {<BR> $spreadSecTotal +=3D=20
$totals[$idx];<BR> $spreads[$j] =3D=20
$totals[$idx];<BR> =20
$num++;<BR> } else=20
{<BR> $spreads[$j] =3D =
0;<BR> }<BR> =20
}<BR> my $lastOne =3D=20
$spreads[0];<BR> my $lastTwo =3D =
$spreads[1] +=20
$lastOne;</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> my $needsToSleep =3D=20
0;<BR> $needsToSleep =3D 1 if ($spreadSecTotal >=3D =
$num *=20
$rate); ## There are enough<BR> $needsToSleep =
=3D 1 if=20
($lastOne >=3D $maxPerSec); ## Not too=20
spikey<BR> $needsToSleep =3D 1 if =
($lastTwo >=3D=20
($maxPerSec + $rate));</SPAN> </FONT></DIV>
<DIV> </DIV>
<DIV> <FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D168264303-30092004> if ($needsToSleep) =
{<BR> my=20
$sleepTime =3D 1 + (intRand(20) > 18 ? 1 : 0); ## Occasionally =
skip a=20
second<BR> sleep $sleepTime;<BR> if ($rateCheck)=20
{<BR> for (my $i=3D0; $i<$SPREAD; $i++)=20
{<BR> my $idx =3D ($time - $i) % $BUCKETS;<BR> if =
(defined=20
$totals[$idx]) {<BR> printf("%d - ",=20
$totals[$idx]);<BR> }<BR> =20
}<BR> printf("%.2f/sec\n", $spreadSecTotal /=20
$num);<BR> }<BR> }<BR> my =
$event =3D=20
genOne($i);<BR> if ($i % int($rate * 60) =3D=3D 0)=20
{<BR> printf LOG "$i @ $time =
--=20
$event\n";<BR> }<BR> if ($timeIdx =
=3D=3D 0 and=20
$totals[$timeIdx] =3D=3D 1) { ## Report the rates every once in a=20
while<BR> printf LOG "$time: ";<BR> for (my $i=3D0; =
$i<$SPREAD; $i++)=20
{<BR> my $idx =3D ($time - $i) %=20
$BUCKETS;<BR> if (defined $totals[$idx])=20
{<BR> printf LOG ("%d - ",=20
$totals[$idx]);<BR> }<BR> }<BR> printf =
LOG=20
("%.2f/sec\n", $spreadSecTotal / $num);<BR> =20
}<BR> sendEvent($event) if=20
(!$rateCheck);<BR> }<BR></SPAN></FONT></DIV></BODY></HTML>
------=_NextPart_000_0000_01C4A67E.86950620--