Commit 59a672fe authored by anonym's avatar anonym

Merge branch 'feature/16148-unfiltered-pcaps' into stable

Fix-committed: #16148
parents 744501f6 8d823e28
......@@ -64,7 +64,7 @@ Feature: Additional software
And I refuse adding "cowsay" to Additional Software
Then "cowsay" is not in the list of Additional Software
# Depends on scenario: Packages I remove from Additional Software through the GUI are not in the Additional Software list anymore
# Depends on scenario: My Additional Software list is configurable through a GUI or through notifications when I install or remove packages with APT or Synaptic
# See https://tails.boum.org/blueprint/additional_software_packages/offline_mode/#incomplete-online-upgrade for high level logic
Scenario: Recovering in offline mode after Additional Software previously failed to upgrade and then succeed to upgrade when online
Given a computer
......
......@@ -10,6 +10,8 @@ end
# address/port) in the graph of all network flows.
def pcap_connections_helper(pcap_file, opts = {})
opts[:ignore_dhcp] = true unless opts.has_key?(:ignore_dhcp)
opts[:ignore_arp] = true unless opts.has_key?(:ignore_arp)
opts[:ignore_sources] ||= [$vm.vmnet.bridge_mac]
connections = Array.new
packets = PacketFu::PcapFile.new.file_to_array(:filename => pcap_file)
packets.each do |p|
......@@ -39,6 +41,9 @@ def pcap_connections_helper(pcap_file, opts = {})
elsif PacketFu::IPPacket.can_parse?(p)
ip_packet = PacketFu::IPPacket.parse(p)
protocol = 'ip'
elsif PacketFu::ARPPacket.can_parse?(p)
ip_packet = PacketFu::ARPPacket.parse(p)
protocol = 'arp'
else
raise "Found something that cannot be parsed"
end
......@@ -46,6 +51,8 @@ def pcap_connections_helper(pcap_file, opts = {})
next if opts[:ignore_dhcp] &&
looks_like_dhcp_packet?(eth_packet, protocol,
sport, dport, ip_packet)
next if opts[:ignore_arp] && protocol == "arp"
next if opts[:ignore_sources].include?(eth_packet.eth_saddr)
packet_info = {
mac_saddr: eth_packet.eth_saddr,
......
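Review bot: The `ignore_sources` skip runs only after the parse chain, so a frame sent from the bridge MAC that is neither IP nor ARP still reaches `raise "Found something that cannot be parsed"` instead of being ignored. The capture filter removed in this commit also excluded RARP, and the new `elsif` covers only `PacketFu::ARPPacket`, which as far as I can tell does not match RARP frames, so that is one frame type that can now abort the helper. If `eth_packet` is already parsed at that point (its assignment is outside the hunks shown), moving `next if opts[:ignore_sources].include?(eth_packet.eth_saddr)` above the `can_parse?` chain would keep the raise for unexpected guest traffic only. The function starts and ends outside the visible hunks.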
......@@ -21,7 +21,7 @@ class Sniffer
@pcap_file = "#{$config["TMPDIR"]}/#{pcap_name}"
end
def capture(filter="not ether src host #{@vmnet.bridge_mac} and not ether proto \\arp and not ether proto \\rarp")
def capture
job = IO.popen(
[
"/usr/sbin/tcpdump",
......@@ -30,7 +30,6 @@ class Sniffer
"--immediate-mode",
"-i", @vmnet.bridge_name,
"-w", @pcap_file,
filter,
:err => ["/dev/null", "w"]
]
)
......
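Review bot: Nothing on the new `def capture` records that the bridge-MAC and ARP/RARP exclusions of the removed default filter are now the responsibility of whoever reads the pcap. A consumer that opens `@pcap_file` without going through `pcap_connections_helper` would therefore see host-bridge and ARP frames it never saw before. I would add a comment above the method, for example `# Captures all traffic on the bridge unfiltered; bridge-sourced and ARP frames are dropped at analysis time (see pcap_connections_helper's :ignore_sources and :ignore_arp).` The method body continues outside the hunks shown.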