
Source Code for Module rekall.plugins.linux.ifconfig

 1  # Rekall Memory Forensics 
 2  # 
 3  # Copyright 2013 Google Inc. All Rights Reserved. 
 4  # 
 5  # This program is free software; you can redistribute it and/or modify 
 6  # it under the terms of the GNU General Public License as published by 
 7  # the Free Software Foundation; either version 2 of the License, or (at 
 8  # your option) any later version. 
 9  # 
10  # This program is distributed in the hope that it will be useful, but 
11  # WITHOUT ANY WARRANTY; without even the implied warranty of 
12  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
13  # General Public License for more details. 
14  # 
15  # You should have received a copy of the GNU General Public License 
16  # along with this program; if not, write to the Free Software 
17  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
18   
19  """ 
20  @author:       Andrew Case 
21  @license:      GNU General Public License 2.0 or later 
22  @contact:      atcuno@gmail.com 
23  @organization: Digital Forensics Solutions 
24  """ 
25  import itertools 
26   
27  from rekall.plugins.linux import common 
28   
29   
class Ifconfig(common.LinuxPlugin):
    """Gathers active interfaces.

    Walks the kernel's net_device lists in the memory image and emits one
    row per IPv4 address entry, together with the owning device's MAC
    address and flags.
    """

    __name = "ifconfig"

    # Output columns; the keys of the rows yielded by collect() match the
    # "name" values here.
    table_header = [
        {"name": "interface", "width": 16},
        {"name": "ipv4", "width": 20},
        {"name": "MAC", "width": 18},
        {"name": "flags", "width": 20},
    ]

    def enumerate_devices(self):
        """Return an iterator over the net_device objects that were found.

        Devices reached through net_namespace_list come first, followed by
        those on the dev_base list. The items are net_device objects, not
        tuples; per-address details come from gather_net_dev_info().

        NOTE(review): nothing here de-duplicates between the two sources.
        Whether both can be populated for a single image depends on the
        kernel and profile -- confirm before treating repeated rows as
        distinct interfaces.
        """
        namespace_devices = self.get_devs_namespace()
        base_devices = self.get_devs_base()
        return itertools.chain(namespace_devices, base_devices)

    def get_devs_base(self):
        """Yield each net_device on the list headed by the dev_base symbol."""
        list_head = self.profile.get_constant_object(
            "dev_base", target="net_device", vm=self.kernel_address_space)

        for device in list_head.walk_list("next"):
            yield device

    def gather_net_dev_info(self, net_dev):
        """Yield (label, address, mac_addr, flags) per address entry.

        One tuple is produced for every entry on net_dev.ip_ptr.ifa_list.
        A device whose ifa_list yields no entries therefore produces no
        rows at all, so an interface without an IPv4 address is absent
        from the plugin output even when its flags would matter to an
        examiner (the flags value is reported raw, e.g. for checking
        promiscuous mode).
        """
        hw_addr = net_dev.mac_addr

        for ifaddr in net_dev.ip_ptr.ifa_list.walk_list("ifa_next"):
            yield ifaddr.ifa_label, ifaddr.ifa_address, hw_addr, net_dev.flags

    def get_devs_namespace(self):
        """Yield each net_device of every namespace on net_namespace_list."""
        namespaces = self.profile.get_constant_object(
            "net_namespace_list", target="list_head",
            vm=self.kernel_address_space)

        for namespace in namespaces.list_of_type("net", "list"):
            devices = namespace.dev_base_head.list_of_type(
                "net_device", "dev_list")
            for device in devices:
                yield device

    def collect(self):
        """Yield one table row (a dict keyed by column name) per address."""
        for device in self.enumerate_devices():
            for label, address, hw_addr, flags in self.gather_net_dev_info(
                    device):
                row = {
                    "interface": label,
                    "ipv4": address,
                    "MAC": hw_addr,
                    "flags": flags,
                }
                yield row
82