bFS ddlZddlZddlZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZddlmZddlmZddlmZddlZddlmZddlmZdd lmZmZmZdd lmZdd lmZdd lm Z dd lm!Z!ddl"m#Z#ddl$Z$ddl%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/ddl0m1Z1ddl2m3Z3ddl2m4Z4ddl5m6Z6ddl7m8Z8ddl9Z9dZ:dZ;dZdddddddddZ?hdZ@dZAdeAz ZBdZCdZDe8eE ZFd!ZGd"ZHd#ZIGd$d%eJZKGd&d'eLZMd(ZNd)ZOGd*d+eLZPGd,d-eLZQGd.d/eLZRGd0d1eRZSdd3ZTd4ZUd5ZVd6ZWGd7d8eLZXdd:ZYid;d<d=d>d?d>d@d>dAd>dBd>dCd<dDd>dEd>dFd>dGd>dHd>dId<dJd<dKd>dLd<ZZidMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdnidodpdqdrdsdtdudvdwdxdydzd{d|d}d~ddddddddddddZdddd\ddiddddddddddddddddnddpddddddddddddddddidddddddddddddddddddd“ddēddƓddȓddʓdd̓ddΓddГiddғddԓdd֓ddؓddړddܓddޓdddddddddddddddddddddddddddddZ[dZ\dZ]d dZ^d!dZ_ d"dZ`dZadZbdZceddZddZe d#dZfd Zgd Zhd Zid$dZjdZkd#dZl d#dZmdZndZodZp d#dZqGddeLZrdZsdZtdZudZvdZwdZxdS(%N)ECHILDESRCH) OrderedDictCounter defaultdict namedtuple)query)traffic_packets)SamDB)LdbError)ClientConnection)securitydrsuapilsa)netlogon)netr_Authenticator)srvsvc)samr) drs_DsBind) CredentialsDONT_USE_KERBEROSMUST_USE_KERBEROS)system_session)UF_NORMAL_ACCOUNTUF_SERVER_TRUST_ACCOUNTUF_TRUSTED_FOR_DELEGATIONUF_WORKSTATION_TRUST_ACCOUNT) SEC_CHAN_BDC)gensec)sd_utils) get_string)get_samba_loggerga2U0*3?-?) dns0smb0x72ldapr(r-3r-2cldapr/dcerpc11r514nbnsr()r'1r-r<r-4r-5r3rAr512r513r515>r*smb2browser smb_netlogong$@)i)namec|tkrL|st|tjdSt|t |ztjdSdS)aPrint a formatted debug message to standard error. :param level: The debug level, message will be printed if it is <= the currently set debug level. The debug level can be set with the -d option. :param msg: The message to be logged, can contain C-Style format specifiers :param args: The parameters required by the format specifiers fileN) DEBUG_LEVELprintsysstderrtuple)levelmsgargss 7/usr/lib/python3/dist-packages/samba/emulate/traffic.pydebugrZes`  6 #CJ ' ' ' ' ' ' #d ##* 5 5 5 5 5 5 cVtjd}td|ddd|ddddtj|D]}t|tj ttj tjd S) zK Print an unformatted log message to stderr, contaning the line number r#)limit rz :z )endrPrON) traceback extract_stackrRrSrTflush)rXtbas rY debug_linenorfws  q ) ) )B E!!uQxxxAq 39<z"" acj!!!!! szJr[cZ|r$d}|D]}|dz }||z}|dz}dd|zzfd}nd}|S)zReturn a function that prints a coloured line to stderr. The colour of the line depends on a sort of hash of the integer arguments.z [38;5;%dmcltdkr%|D]$}t|dtj#dSdS)NrzrOrQrRrSrT)rXreprefixs rYpzrandom_colour_print..psSQIIAFFAAA6SZHHHHHIIr[c`tdkr |D]}t|tjdSdS)NrrOrl)rXres rYrnzrandom_colour_print..psCQ..A!#*-----..r[)seedssxrnrms @rYrandom_colour_printrts .   A GA FA HAA BF+ I I I I I I  . . . Hr[ceZdZdS)FakePacketErrorN)__name__ __module__ __qualname__rpr[rYrvrvsDr[rvcleZdZdZdZdZedZddZdZ dZ d Z d Z d Z d Zd ZddZdS)PacketzDetails of a network packet timestamp ip_protocol stream_numbersrcdestprotocolopcodedescextra endpointsc ||_||_||_||_||_||_||_||_| |_|j|jkr|j|jf|_ dS|j|jf|_ dSNr|) selfr}r~rrrrrrrs rY__init__zPacket.__init__sz"&*      8di  "h 2DNNN"i2DNNNr[c  |dd}|dd\}}}}}}} } |dd} t|}t|}t|}|||||||| | | S)N  )rstripsplitfloatint) clslinefieldsr}r~rrrrrrrs rY from_linezPacket.from_linesT""((..      qrr )$$ #hh4yys9k=#tVT522 2r[c d|j}|j|z}|d||j|jpd|j|j|j|j|j |f zfS)z5Format the packet as a traffic_summary line. rz%f %s %s %d %d %s %s %s %s) joinrr}r~rrrrrr)r time_offsetrts rY as_summaryzPacket.as_summarysm $*%% N[ (7!#)r   r[c d|j|j|j|jpd|j|j|j|j|jr dd |jzdzndf zS)Nz:%.3f: %d -> %d; ip %s; strm %s; prot %s; op %s; desc %s %sr$«r^»r) r}rrr~rrrrrrrs rY__str__zPacket.__str__sgL49d6F6M##T]DK8< J$$*---44MM Nr[c d|zS)Nz rprs rY__repr__zPacket.__repr__s $$r[c ||j|j|j|j|j|j|j|j|j Sr) __class__r}r~rrrrrrrrs rYcopyz Packet.copysF~~dn"."0"h"i"m"k"i"j** *r[c(|jd|j}|S)N:rr)rrs rYas_packet_typezPacket.as_packet_types}}}dkk 2r[c||j|jf}|tvr t|S|tvrt| SdS)zA positive number means we think it is a client; a negative number means we think it is a server. Zero means no idea. range: -1 to 1. r)rr CLIENT_CLUES SERVER_CLUES)rkeys rY client_scorezPacket.client_scoresF}dk* ,  $ $ ,   %% %sr[c d|jd|j} tt|}n>#t$r1}t d|jd|tjYd}~dSd}~wwxYw|jdkrtdd|jd |tj } ||||r@tj }||z }t d ||j|j|j|fzdSdS#t$rJ}tj }||z }t d ||j|j|j||fzYd}~dSd}~wwxYw) zSend the packet over the network, if required. Some packets are ignored, i.e. for protocols not handled, server response messages, or messages that are generated by the protocol layer associated with other packets. packet__z Conversation(z) Missing handler rONkerberosr#z) Calling handler z%f %s %s %s %f True z%f %s %s %s %f False %s) rrgetattrr AttributeErrorrRconversation_idrSrTrZtime Exception) r conversationcontextfn_namefnestartr`durations rYplayz Packet.plays%)MMM4;;? '22BB    E///:z # # # # FFFFF   =J & & !!"222GG= > > >  .r$ g.. /ikk;2L8$-{H../////  / / . . .)++CU{H 1 4dm;!-- . . . . . . . . . .s-* A%&A  A%"A C11 E;?EEc |j|jz Srr}rothers rY__cmp__zPacket.__cmp__+s~//r[Nc6t|j|jSr)is_a_real_packetrr)rmissing_packet_statss rYis_really_a_packetzPacket.is_really_a_packet.s t{;;;r[)rr)rwrxry__doc__ __slots__r classmethodrrrrrrrrrrrpr[rYr{r{s%% I333 22[2& NNN %%% * * *   &.&.&.P000<<<<<"(-(-"(-!(-(-(-(-(-(;  ((*****r[ct}td|jz||j|j}||tjdgdg}i}dgi}|D]}t|j }d d| dD }||g} | ||d r|d|t#|D]} | d dd kr| dd } | d dd kr| dd } | d dd kt'd D]>} | d z } | | kr&| |vr"t)d | d| t*j3|| || <?||_||_i|_||tjdgd}d d|D} d| |jd<d}dD]-}|d||z }.d||jd<d|jd<|dtjdg}d|dd|jd<dS) N ldap://%s)url session_info credentialsrzpaged_results:1:1000dn)scopecontrolsattrs invocationId,c3NK|] }|ddV!dS)Nr#)lstrip.0rss rY z.s2EE!qxxzz"1"~EEEEEEr[zCN=NTDS Settings,rLz,DCzdn_map collison r^rOz"(objectclass=groupPolicyContainer))rr expressionrc3LK|]}d|dV dS)z(distinguishedName={0})rN)format)rrWs rYrz.s5XXS6==c$iHHXXXXXXr[z(|{0})gPCFileSysPath)zDomain Controllers,ztraffic_replay,rz(distinguishedName={0}{1})gpLinkz'(objectCategory=pKICertificateTemplate)pKIExtendedKeyUsagehighestCommittedUSN)rrz(usnChanged>={0})r usnChanged)rr rrrsearch domain_dnldb SCOPE_SUBTREEstrrrrupper setdefaultappend startswithlistkeysrangerRrSrTdn_mapattribute_clue_mapsearch_filtersr  SCOPE_BASE)rsessiondbresrrrrpatternr'krni gpos_by_dnou_strrs rYrz)ReplayContext.generate_ldap_search_tablessK "" {T[0 '#zg ii !/"8!9#f&& B  > >AQTBhhEErxx}}EEEEEKKMMG##GR00C JJrNNN}}011 >">299"===fkkmm$$ & &Av#2#ABCC&E//crcFBCC&E//1XX & &U 66a6kkEQQQ:"z++++"1Iq  & "4 !ii c.?v#GIIWWXXTWXXXXX 19 0K0K,-@ N NB 299"bllnnMM MFF(0(?(?H% 6 12 ii#.9N8OiPP  & &s1v.C'D E E L)))r[c|jD]}||vr|j|cS|dkr5tj|jz}t |j|}d|zSdS)NzDC,DCz((&(sAMAccountName=%s)(objectClass=user))z(objectClass=*))rrrandomr user_namer)rrdn_sigrrrandom_user_id account_names rYguess_search_filterz!ReplayContext.guess_search_filters&++-- 0 0Ce||*3//// W  #]__t/GGN$T%5~FFL= L L! r[cg|_g|_g|_g|_g|_g|_g|_|j|_|j|_|j |_ |j |_ t|j d|j z|_|jd|j|jd|j|jd|j|jddd|_d|jd |j|_d|j d |j|_||dS) Nzconversation-%dz private dirzlock dirzstate directoryztls verify peerno_checkz/root/ncalrpc_as_systemcn=r)ldap_connectionsdcerpc_connectionslsarpc_connectionslsarpc_connections_nameddrsuapi_connectionssrvsvc_connections samr_contexts netbios_name machinepassusernameuserpass mk_masked_dirrrrrset remoteAddressr samlogon_dnuser_dngenerate_machine_credsgenerate_user_creds)raccountrs rYgenerate_process_local_configz+ReplayContext.generate_process_local_configs](*(*(*(*%(* (*(*(/(<(/(;(/(8 (/(8 $T%8%6%1%A&BCC   M4<000  J ---  %t|444  %z2226#000$''; $}}}dgg7  ##%%%   """""r[c|sE|jr???)mm !!$'*** ++D,=>>> ((ss);<<< ((777 ..t/BCCC"- $$TW--- ..t/@AAA ++DM::: ++DM::: 22  " 6 6 8 86;N N P P P 11$2EFFF **4<888%0]]" "((111 "2243DEEE "// crc0BCCC "// >>> "66  & : : < <    ! ! ! "55d6IJJJ "..t|<<<<.connects(=$+!>!%!&(( (r[)r8rMrPrWrrrrkrsrms` rYget_srvsvc_connectionz#ReplayContext.get_srvsvc_connections  " /3 /*2. . ( ( ( ( (  , ,W-1_-1-@-1-A C C "D &&q)))r[cjr|s jdSfd}|jjj\}_j||S)NrjcVd}tjdjd|dj|S)Nzschannel,seal,sign ncacn_ip_tcp:[]rlsarpcrr)rbinding_optionsrs rYrsz4ReplayContext.get_lsarpc_connection..connects:2O::#{{{OOO="g#%% %r[)r5rMr`rbrrrts` rYget_lsarpc_connectionz#ReplayContext.get_lsarpc_connections  " /3 /*2. . % % % % %  , ,W-1-?-1-C-1-A C C "D &&q)))r[cjr|s jdSfd}|jjj\}_j||S)NrjcJtjdjzj|Srqr{rrs rYrsz?ReplayContext.get_lsarpc_named_pipe_connection..connects(:mt{;"g#%% %r[)r6rMr`rbrrrts` rY get_lsarpc_named_pipe_connectionz.ReplayContext.get_lsarpc_named_pipe_connections  ( 5 504 4 % % % % %  , ,W-1-?-1-C-1-G I I (D & %,,Q///r[cjr|sjd}|Sfd}|jjj\}_t |\}}||f}j||S)zget a (drs, drs_handle) tuplerjcZd}djd|d}tj|j|S)Nsealrxryrz)rrr)rr}binding_stringrs rYrsz:ReplayContext.get_drsuapi_connection_pair..connects6$OO"kkk???47EBB Br[)r7rMrPrWrrr)rrkunbindrmrsdrs drs_handlesupported_extensionss` rYget_drsuapi_connection_pairz)ReplayContext.get_drsuapi_connection_pairs  # C (,AH C C C C C  , ,W-1_-1-@-1-B D D %d# .8__*) *   ''***r[c>jr|s jdSfd}fd}|r0|jjj\}_n/|jjj\}_j||S)NrjcBtdjz|jS)a$ To run simple bind against Windows, we need to run following commands in PowerShell: Install-windowsfeature ADCS-Cert-Authority Install-AdcsCertificationAuthority -CAType EnterpriseRootCA Restart-Computer z ldaps://%srrr rrrrs rY simple_bindz6ReplayContext.get_ldap_connection..simple_binds- 3%* G%%% %r[cBtdjz|jS)Nrrrrrs rY sasl_bindz4ReplayContext.get_ldap_connection..sasl_binds+t{2%* G%%% %r[) r3rMrXr]rrPrWrr)rrksimplerrsamdbs` rYget_ldap_connectionz!ReplayContext.get_ldap_connections   - -(, , % % % % % % % % % %  E00151G151K151JLL /UD--0015151D151CEE (UD& $$U+++ r[c|jr|r9|jt|j|j|j|jdS)N)rrrj)r9r SamrContextrrr)rrks rYget_samr_contextzReplayContext.get_samr_context sZ! HS H   % %DKDG4:FFF H H H!"%%r[cjrjSfd}|jjj\}_|_|S)NcJtjdjzj|S)Nzncacn_ip_tcp:%s[schannel,seal])rrrrrs rYrsz6ReplayContext.get_netlogon_connection..connects-$%E&*k&3%)W%*,, ,r[)rrMr`rbr)rrsrms` rYget_netlogon_connectionz%ReplayContext.get_netlogon_connectionsv  # ,+ + , , , , ,  , ,W-1-?-1-C-1-C E E $D " $% r[c|jdfS)NArrs rYguess_a_dns_lookupz ReplayContext.guess_a_dns_lookup$s C  r[c|j}t}d|dD|j_|d|_t}||fS)NcZg|](}t|tr|nt|)Srp) isinstancerordrs rY z3ReplayContext.get_authenticator..*sA:::!"#-Q"4"4@QQ#a&&:::r[ credentialr})r`new_client_authenticatorrcreddatar})rauthcurrent subsequents rYget_authenticatorzReplayContext.get_authenticator'sl!::<<%''::&*<&8:::  -')) $$r[c tj|j|}t |d}|D]\}}t |d|||dS)zWrite arbitrary key/value pairs to a file in our stats directory in order for them to be picked up later by another process working out statistics.wz: rON)ospathrropenitemsrRclose)rfilenamekwargsrHr%vs rY write_statszReplayContext.write_stats1sw7<< x88 3  LLNN - -DAq aaa#! , , , , ,  r[r)F)FF)rwrxryrrenvironrrrr/rFrMrDrCrhrnrur~rrrrrrrrrpr[rYrrZs%)'+!% x00 !*+*+*+*+XPFPFPFn!!!$###>***8,=,=,=\GGG2,$($.$$$$L&&&& $!!!%%%r[rc&eZdZdZddZdZdZdS)rz5State/Context associated with a samr connection. Ncd|_d|_d|_d|_d|_d|_d|_||_||_||_ dSr) connectionhandle domain_handler group_handle user_handleridsrrr)rrrrs rYrzSamrContext.__init__?sO!! !!!!! # " r[cz|js.tjd|jz|j|j|_|jS)Nzncacn_ip_tcp:%s[seal])lp_ctxr)rrrrrrs rYget_connectionzSamrContext.get_connectionKsB ("i'4;7w J(((DO r[c|js9|}|dtj|_|jSr)rrConnect2rSEC_FLAG_MAXIMUM_ALLOWED)rrms rY get_handlezSamrContext.get_handleTs>{ N##%%A**T8+LMMDK{r[NN)rwrxryrrrrrpr[rYrr<sP # # # #r[rcreZdZdZ ddZdZdZ ddZd ZeZ d Z d Z d Z d Z ddZddZdZdZdS) ConversationzADetails of a converation between a simulated client and a server.Nrpc||_||_g|_t||_d|_||_|D] }|j| dS)Nr) start_timerpacketsrtrWclient_balanceradd_short_packet)rrrseqrrns rYrzConversation.__init__]sb$" &y11!. & &A !D !1 % % % & &r[cV|j |jdSdS|jdS|j|jz S)Nrrjr_)rrs rYrzConversation.__cmp__hs; ? "'q2   #1!111r[c|}|j |j|_|j |j|_|j|jkrt d|jd|j|xj|jzc_|j|jdkr#|xj|zc_n"|xj|z c_|r|j |dSdS)zmAdd a packet object to this conversation, making a local copy with a conversation-relative timestamp.NzConversation endpoints z don't matchpacket endpoints r) rrr}rrvrrrrrr)rpacketrns rY add_packetzConversation.add_packetqs KKMM ? "kDO > ![DN ;$. ( (!/#'>>>1;;#@AA A t& 5AKN " "   1>>#3#3 3      1>>#3#3 3     ! ! # L   " " " " " # #r[Tc 0|rt||sdS|\}}|s||}}||f} t| d} t|d} t ||jz | d||||| | } | j| jdkr#|xj | zc_ n"|xj | z c_ | r|j | dSdS)zCreate a packet from a timestamp, and 'protocol:opcode' pair, and a (possibly empty) list of extra data. If client is True, assume this packet is from the client to the server. Nr06r)rguess_client_serverOP_DESCRIPTIONSr IP_PROTOCOLSr{rrrrrrrr) rr}rrrclientskip_unused_packetsrrrrr~rs rYrzConversation.add_short_packets;  '7&'I'I  F,,.. T "cC ""3++"&&x66  DO3[C &$77 :)!, , ,   6#6#6#8#8 8      6#6#6#8#8 8    $ $ & & ( L   ' ' ' ' ' ( (r[cVd|j|j|jt|jfzS)Nz-)rrrlenrrs rYrzConversation.__str__s/?%t~tT\""$$ %r[c*t|jSr)iterrrs rY__iter__zConversation.__iter__sDL!!!r[c*t|jSr)rrrs rY__len__zConversation.__len__s4<   r[ct|jdkrdS|jdj|jdjz S)Nr#rrj)rrr}rs rY get_durationzConversation.get_durations: t|  q 1|B)DLO,EEEr[c*fdjDS)NcDg|]}|jSrp)rr)rrnrs rYrz8Conversation.replay_as_summary_lines..s'DDD! T_--DDDr[)rrs`rYreplay_as_summary_linesz$Conversation.replay_as_summary_linessDDDDt|DDDDr[cn|j}tj|z }||z }|tz }|dkrtj|tj|z |z }|d||fzd} d} tj} |jD]} tj| z }|| jz }|| kr|} |dkrS| tz }|dkrBtj|tj| z }|| jz | kr || jz } | ||| || fS)zMReplay the conversation at the right time. (We're already in a fork).rzstarting %s [miss %.3f]r)rrSLEEP_OVERHEADsleeprWrr}r) rrrrErnowgap sleep_timemissmax_gapmax_sleep_missp_startrns rYreplay_with_delayzConversation.replay_with_delaysF OikkE!#g>) >> Jz " " " e#q( *dD\9:::)++ " "A)++'C #CW}}Qww!TN2 >>Jz*** g-A1;77)*Q[ FF4 ! ! ! !n,,r[cf|j\}}|jdkr||fS|jdkr ||kr||fS||fS)zhHave a go at deciding who is the server and who is the client. returns (client, server) r)rr)r server_cluerebs rYrz Conversation.guess_client_serversR~1   " "q6M  ! # # q(8(8q6M1v r[c|fd|jD|_|jr|jdjnd|_dS)zPrune any packets outside the timne window we're interested in :param s: start of the window :param e: end of the window c>g|]}|jcxkrknn|Srpr)rrnrrrs rYrz>Conversation.forget_packets_outside_window..s<IIIa1 3H3H3H3Hq3H3H3H3H3H3H3H3Hr[rNrr}r)rrrrs ``rYforget_packets_outside_windowz*Conversation.forget_packets_outside_windowsG JIIII4<III 7;|M$,q/33r[cl|jD]}|xj|zc_|j|xj|zc_dSdS)z=Adjust the packet start times relative to the new start time.Nr)rrrns rYrenormalise_timeszConversation.renormalise_timessI & &A KK: %KKK ? & OOz )OOOO ' &r[)NNrpN)TTrr)rwrxryrrrrrrrrrrrrrrrrpr[rYrr[s KK<>!% & & & &222###6;?((((8%%% H"""!!!FFF EEE!-!-!-!-F"NNN*****r[rc0eZdZdZddZdZddZddZdS) DnsHammerzOA lightweight conversation that generates a lot of dns:0 packets on the flyNct|z}fdt|D|_|j||_|_d|_|||_dS)Nc:g|]}tjdS)r)r*uniform)rr&rs rYrz&DnsHammer.__init__..s%DDDafnQ11DDDr[r query_file) rrtimessortraterr_get_query_choices query_choices)rdns_raterrns ` rYrzDnsHammer.__init__s| 8# $ $DDDD588DDD     !44 4KKr[cJdt|j|j|jfzS)Nz-)rrrrrs rYrzDnsHammer.__str__s%?TZ$-;< =r[c|rt|d5}|}dddn #1swxYwYg}|D]l}|}|rT|ds?|d}t |dksJ||m|SgdS)z Read dns query choices from a file, or return default rname may contain format string like `{realm}` realm can be fetched from context.realm r#N#r) )r{realm}ryes)r_r NSr)r# *.{realm}rno)rdrrr) _msdcs.{realm}rr) rrr) nx.realm.comrr)rrr)*.nx.realm.comrr)rrr)rread splitlinesstriprrrr)rrrHtextchoicesrrXs rYrzDnsHammer._get_query_choicess  j#&& !vvxx               G)) ) )zz||) 4 4)::c??Dt99>>>>NN4(((N    s 488c |sJ|jsJtj}|jD]+}tj|z }||z }|tz }|dkrtj|t j|j\}}} } ||j}d} tj} t|| } | dkrt| sd} n#t$rd} YnwxYwtj}|| z }td|||| fz#tj}|| z }td|||| fzwxYwdS)NrrTrFz%f DNS dns %s %f %s ) rrrrrr*rerr  dns_queryrrrR)rrrrrrrrrnamertypeexistsuccess packet_startanswersr`rs rYreplayzDnsHammer.replay4s}  W WA)++%Cc'C~-JA~~ :&&&*0-8J*K*K 'FE5%LLw}L55EG9;;L W#E511E>>#g,,>#G    ikk-2c68W5UUVVVVikk-2c68W5UUVVVV+ W Ws*9'C! D"! C0-D"/C00D""0Er)rwrxryrrrrr(rpr[rYrrstLLLL===BWWWWWWr[rcountc"tt}g}|D]}t|trt |}t d|jtj|D]X}t |}|j dkr|dkr||j xxdz cc<C| |Y||sgdfStd|D}t!d|D}t d tjt#} t%|D]c\} }|xj|zc_| |j} | t-| d z } | | |j<| |dg} | D]*} t3| dkr| | +t5||z } t3| | z }| || |fS) zLLoad a summary traffic summary file and generated Converations from it. z Ingesting rOr'includer_rc3$K|] }|jV dSrrrrns rYrz#ingest_summaries..fs$22QQ[222222r[c3$K|] }|jV dSrrr-s rYrz#ingest_summaries..gs$33aak333333r[z$gathering packets into conversationsNr#)r)rrrrrrRrMrSrTr{rrrrrminmaxr enumerater}rrrrvaluesrr)filesdns_mode dns_countsrrHrrnr last_packet conversationsr&rmconversation_listr mean_intervals rYingest_summariesr:Ps8S!!JG    a   QA (sz:::: " "D  &&AzU""x9'<'<18$$$)$$$$q!!!!  1u 22'22222J33733333K 0szBBBBMMM'""1 z!   ak * * 9a!e555A)*M!+ & Q   ! ! # #(( q66Q;;  $ $Q ' ' ' [:-..H &&1M mXz AAr[ct}|D]}||j|r|ddSdS)Nr_r)rupdater most_common)r7 addressesrms rYguess_server_addressr?s^ I &&%%%%+$$Q''**++r[cri}|D]\}}d|}|||< |SNr)rr)rsyr%rk2s rYstringify_keysrDsA A 1 YYq\\" Hr[ci}|D]9\}}tt|d}|||<:|SrA)rrUrr)rsrBr%rrs rYunstringify_keysrFsQ A 1 #a&&,,t$$ % %! Hr[cVeZdZddZifdZdZdZ dd Zd Zd Z dd Z dS) TrafficModelrdci|_i|_||_tt|_d|_ddg|_dS)Nrrr_)ngrams query_detailsrrr dns_opcountscumulative_duration packet_rate)rrs rYrzTrafficModel.__init__sB ',,#& q6r[c d}d}tf|jdz z}t|}|D]\}}|j|xx|z cc<t |dkrb|dj} d} | dz} |D]4} | t | z } t| | jdj } 5| |j d<| | z |j d<|D]m} | |\} }|| z }tf|jdz z}| D]$}|j | kr|j |z }|j }|tkridtjtd|t"zz}|j|g||dd|fz}|}|j|gt/|j|j|g||dd|fz}&o|xj|z c_|j|gtdS)Nrr_rg?rjwait:%dr%) NON_PACKETrr?rrLrrr0rr}rNrrrWAIT_THRESHOLDmathlog WAIT_SCALErJrrrrKrUrrM)rr7rLprev cum_durationrrr%rfirsttotallastrmrrnelapsedrshort_ps rYlearnzTrafficModel.learns mtvz*%m44 &&(( & &DAq  a A % }   ! !!!$/EE3;D" : :Q42!899"'D Q "&,D Q  + +A226::NFF ANN,, ,L-46A:.C + +5F??+,{^++$S5.sI,8,801=>,FDIIaLLL3,8,8,8,8,8,8r[)rJrKrMrNversionr'rr#)indent)rJrrdictrrKrMrNCURRENT_MODEL_VERSIONrLrrrjsondump)rrHrJr%rrKds rYsavezTrafficModel.saves#K%%'' ) )DAq ! AWQZZ((F1II &,,.. 9 9DAq#G,8,856,8,8,8%8%8 9 9M!  *#'#;+,   $% a   Q A !Qq!!!!!!r[c t|trt|}tj|} |d}|t krt d|t fzn%#t$rt dt zwxYw|dD]\}}tt| d}|j |g}|D]+\}}| t|g|z,||dD]\}}|j t|g}|D]k\}}|dkr| dg|z%| tt| dg|zl|d |vr5|d D]\}}|j|xx|z cc<|d |_|d |_dS) Nr`z4the model file is version %d; version %d is requiredz=the model file lacks a version number; version %d is requiredrJrrKr$rpr'rMrN)rrrrdloadREQUIRED_MODEL_VERSION ValueErrorKeyErrorrrUrrJrextendrrKrLrMrN) rrHrfr`r%rr2rnr)s rYrizTrafficModel.loads a   QA IaLL ; lG/// ":")+A!B"CDDD0 ; ; ; ":"8":;;; ; hK%%''  DAqc!ffll4(())A[++Ar22FGGII 0 05 s1vvh.//// KKMMMMo&,,..  DAq'223q662>>FGGII G G588MM2$,////MM5Qd););#<#<"="EFFFF KKMMMM A::%(( * *1!!$$$)$$$$#$%:#; ]+s ,A''"B rNr_rcg}tf|jdz z}||dz } tj|j|tf}|tkrw||krntj|kr"t d||fztjnjdtj ddz}t d |ztj||j vr tj|j |} ng} | d d\} } | d krHt| tjz} tj| t|zz } || z }nWtjt"}tj||z } || z }|||krnj||kr||| | | f|dd|fz}|d ddd kr'|dddd krtf|jdz z}|S)zUConstruct an individual conversation packet sequence from the model. r_NTz"ending after %s (persistence %.1f)rOrPr ztrying %s instead of endrrzwait:rj)rQrr*rerJrrRrSrT randrangerKrrrSexprUrNO_WAIT_LOG_TIME_RANGEr)rr} hard_stop replay_speed ignore_before persistencermrrnrrr log_wait_timerlog_waits rYconstruct_conversation_sequencez,TrafficModel.construct_conversation_sequences$ mtvz*  %MM% 3 dkoocJ=AABBAJ},,=??[00>#{ASS"z++++ 0B 7 770143:FFFFD&&& d&8&;<< wwsA Hf6!! #F fmoo = x ..*|2KLT! !>+ABx))L8T! (Y-B-B --HHi65ABBBabb'QD.C2wrr{g%%#b'"1"+*@*@"mtvz2K% 3Nr[c&|j\}}||z|z SrrN)rscalerate_nrate_ts rYscale_to_packet_ratez!TrafficModel.scale_to_packet_rateNs*v~&&r[c&|j\}}||z|z Srr|)rppsr~rs rYpacket_rate_to_scalez!TrafficModel.packet_rate_to_scaleRs*f v%%r[cd|z}t||z}g}d}||krztj| |} || ||d|} | D]\} } } }t | | rnS|| |t | z }||kz||}td||t |||fztj | |S)z|S)Nrr_)rr)rrrr7rrrms rYseq_to_conversationsr~s`M $$  $QqT!Wvv&6::A aKF   # # # r[r'r6 rpc_netlogonrrr*rIr-r3r|rr5epmrrJrKrr:)rJ0x01zHost Announcement (0x01))rJ0x02zRequest Announcement (0x02))rJ0x08zBrowser Election Request (0x08))rJ0x09zGet Backup List Request (0x09))rJ0x0cz$Domain/Workgroup Announcement (0x0c))rJ0x0fz Local Master Announcement (0x0f)r2 searchRequestrB searchResDone)r5r(Requestr4BindrCBind_ackrEBind_nakr7 Alter_contextrGAlter_context_resprAUTH3)r5r1Responser&r r;response)rr(DsBind)rrD DsCrackNames)rrFDsWriteAccountSpn)rr<DsUnbind)rr1 DsReplicaSync)rr/DsGetNCChanges)rr?DsReplicaUpdateRefs)rr/Maprrr, bindRequestr= bindResponser0 unbindRequestr.r>searchResEntryr@)r-rz*** Unknown ***)r|r8lsa_LookupNames)r|rHlsa_LookupSids)r|39lsa_QueryTrustedDomainInfoBySid)r|40lsa_SetTrustedDomainInfo)r|6lsa_OpenPolicy)r|76lsa_LookupSids3)r|77lsa_LookupNames4r9)r:r<)r21NetrLogonDummyRoutine1)r26NetrServerAuthenticate3)r29NetrLogonGetDomainInfo)r30NetrServerPasswordSet2)rrNetrLogonSamLogonEx)rrDsrEnumerateDomainTrusts)r45NetrLogonSamLogonWithFlags)rr?NetrServerReqChallenge)rr(Connect)rrGetAliasMembership)r17 LookupNames)r18 LookupRids)r19 OpenGroup)rr<Close)r25QueryGroupMember)r34OpenUser)r36 QueryUserInfo)rrGetGroupsForUser)rr/ QuerySecurity)rrA LookupDomain)r64Connect5)rr EnumDomains)r7 OpenDomain)r8QueryDomainInfo)r*0x04z Close (0x04))r*0x24zLocking AndX (0x24))r*0x2ezRead AndX (0x2e))r*0x32z Trans2 (0x32))r*0x71zTree Disconnect (0x71)r)zNegotiate Protocol (0x72))r*0x73zSession Setup AndX (0x73))r*0x74zLogoff AndX (0x74))r*0x75zTree Connect AndX (0x75))r*0xa2zNT Create AndX (0xa2))rIr(NegotiateProtocol)rIr6Ioctl)rIr8Find)rIrGetInfo)rIrBreak)rIr< SessionSetup)rIr1 SessionLogoff)rIr/ TreeConnectTreeDisconnectCreateReadz$SAM LOGON request from client (0x12)z3SAM Active Directory Response - user unknown (0x17)NetShareGetInfo NetSrvGetInfo))rIr?)rIrA)rIr)rIr)rK0x12)rK0x17)rr)rrc |dd\}}t||fd}t|d}||d|||||g} | |d| S)Nrr_rrr)rrrrrmr) rnr}rrrrrrr~rs rYexpand_short_packetrswwsAHf   &12 6 6D""8T22K {BT8VT JDKK 99T??r[ctjtjt jddS)zSignal handler closes standard out and error. Triggered by a sigterm, ensures that the log messages are flushed to disk and not lost. rN)rSrTrstdoutr_exit)signalframes rYflushing_signal_handlerrs= JJHQKKKKKr[c|dztjddz}tjtjt j}|dkr|S tj|||f}d} |dd} t| |||} tj tj t| || tjt jdt j|jd| jz} t)| d} tjt jdn4#t*$r'}t,d|zYd }~nd }~wwxYw| t_t1j|z }| |z }|t2z }|dkrt1j|| || \}}}t9d |zt9d |zt9d |zn#t:$rrd} t9dt j| fztjt?j tjtjYnwxYwtjtjt j!| d S#tjtjt j!| wxYw)z8Fork a new process and replay the conversation sequence.ri)rrzstats-conversation-%drr_stdout closing failed with %sN)rrzMaximum lag: %fz Start lag: %fzMax sleep miss: %fz*EXCEPTION in child PID %d, conversation %srO)"r*randintrSrrcrTrforkseedrrSIGTERMrrFstdinrrrrrrIOErrorrinforrrrrRrgetpidra print_excr)csrrrE client_id server_idrpidrstatusrrmrrHrrrrmax_lag start_lagrs rYreplay_seq_in_forkrsA t fnQ44 4DJJ '))C axx * D *  qE!H I2y I I I fn&=>>>--gq999   7<< 02I ! 13233 3   = J      HQKKKK = = = KK7!; < < < < < < < < = ikkE!#g>) >> Jz " " "-.-@-@uIP.A.R.R*N ')*** o )*** "^34444  ;ry{{A>NN:    CJ'''        sX4C$I2F I F=F83I8F==BIL.A9KL.KL..ANctjtjt j}|dkr|Stjt jd tjt jdn4#t$r'}t d|zYd}~nd}~wwxYwtj |j d}t|dt_ d}tjtjt"t%|||}||n_#t($rRd}t+dt jztj t/jtjYnwxYwtjtjt j|dS#tjtjt j|wxYw) Nrr_rz stats-dnsrr)rz)EXCEPTION in child PID %d, the DNS hammerrO)rSrrcrTrrrrrrwarnrrrrrrrrr(rrRrrarr) rrrrr rrr hammers rYdnshammer_in_forkrQs'JJ '))C axx IOOHQKKK9   999 3a7888888889w||G,k::Hh$$CJ  fn&=>>>8X*EEE g &&&& ((( :bikkJ:    CJ''''' (      sE 2B>> C/C**C/2AFH2AGH2GH22AJFc 4td|||t|d| } t|t|kr.tdt|t|fztjt|dz} t j| z} ||ddd|z}t d| ztjt d|| zztjt d |ztj| |zd z}t d t||fz| d t|td |Di} |rt||| |}d||<t|D]*\}}||}|dz}t|| | ||}|||<+t j}t d|| z | z|| z fztjt j|kr|rt jd tjdtj\}}n(#t&$r}|jt*krYd}~n{d}~wwxYw|rX||d}t.dkr.t d||t|fztj| r|dkrnt j|kr|n>#t0$r1t dtjt3jYnwxYw| dt|dD]}t dt||fztj|D]@} tj||#t&$r}|jt8krYd}~9d}~wwxYwt jdt jdz}|r tjdtj\}}n(#t&$r}|jt*krYd}~nd}~wwxYw|dkr||d}|bt d|ztjtjtjdt d||t|fztjt j|krn||snt jd|r+t dt|ztj tj dddS#tB$rt dtjYdSwxYw#| dt|dD]}t dt||fztj|D]@} tj||#t&$r}|jt8krYd}~9d}~wwxYwt jdt jdz}|r tjdtj\}}n(#t&$r}|jt*krYd}~nd}~wwxYw|dkr||d}|bt d|ztjtjtjdt d||t|fztjt j|krn||snt jd|r+t dt|ztj tj ddw#tB$rt dtjYwwxYwxYw) N)rrrrz(we have %d accounts but %d conversationsg{Gz?rjrzWe will start in %.1f secondsrOzWe will stop after %.1f secondszruntime %.1f secondsr%z6Replaying traffic for %u conversations over %d seconds intentionsc34K|]}t|VdSr)rrs rYrzreplay..s(+M+MqCFF+M+M+M+M+M+Mr[)Planned_conversationsPlanned_packetsrr_r#z,all forks done in %.1f seconds, waiting %.1fg~jth?z-process %d finished conversation %d; %d to gozEXCEPTION in parent unfinished)Unfinished_conversations)rrzkilling %d children with -%d?zchildren is %s, no pid foundz)kill -%d %d KILLED conversation; %d to goz%d children are missingzignoring fake ^Crp)"rrrkrsetpgrprrRrSrTrrrsumrr1rrwaitpidWNOHANGOSErrorerrnorpoprQrrarkillrrcrrkillpgKeyboardInterrupt)conversation_seqhostrraccountsrdns_query_filerlatency_timeoutstop_on_any_errorrrdelayrr`childrenr r&r rEr rr rrmrrs rYr(r(ss~ &4"'!034D0E0E&&% &&G  8}}s+,,,,Dx==#.>*?*?@ACC C JLLL  ! !D (E IKK% E$B'+A.@ )E 1z +x%/? @z 8 +z ( S C KKH ! " "H -.///  .12B.C.C(++M+MG K$&$12!    C Jr[c*d||jfzS)z(Generate an ou name from the instance idz#ou=instance-%d,ou=traffic_replay,%s)r)rrs rYou_namer4s$ 0K4ACMOO4E EEr[cNt||} |j|dddddn(#t$r}|j\}}|dkrYd}~nd}~wwxYw |j|ddn(#t$r}|j\}}|dkrYd}~nd}~wwxYw|S)zCreate an ou, all created user and machine accounts will belong to it. This allows all the created resources to be cleaned up easily. rr_organizationalunit)r objectclassDN)r4addrr rXrrrrr rs rY create_our;s k " "BrxxQ''* 466 7 7 7 7 f  R<<  <<<< r 466 7 7 7 7 f  R<<  <<<< Is/-A A% A  A%)A== B"BB"ConversationAccounts)r:r;r<r=cg}td|dzD]I}t||}t||}t||||}||J|S)z;Generate a series of unique machine and user account names.r_)r machine_namer+r<r) rrnumberpasswordr*r&r:r<rEs rYgenerate_replay_accountsrA:svH 1fqj ! !!!#K33 [!,,&|Xx'/11    Or[Tct||}d|d|}dt|zd}|rttt z}ntt }|j|dd|z||ddS) z"Create a machine account via ldap.r2r"%s" utf-16-lecomputerz%s$rr7sAMAccountNameuserAccountControl unicodePwdN)r4r!encoderrrrr9) rrr:r;traffic_accountrrutf16pwaccount_controlss rYcreate_machine_accountrNHs k " "BB#||RR (B ;///77 DDG=86 788;<< CG!,..        r[c$t||}d|d|}dt|zd}|j|d|t t |dt j|}||ddS) zCreate a user account via ldap.r2rrCrDuserrFz (A;;WP;;;PS)N) r4r!rJr9rrr SDUtils dacl_add_ace)rrr<r=rrBrLsdutilss rYcreate_user_accountrTas k " "BB$HHbb)G 8,,,44[AAG CG"!"344   s##G .11111r[c^t||}d|d|}|j|d|ddS)zCreate a group via ldap.r2rgroup)rr7rGN)r4r9)rrrMrrs rY create_grouprWssX k " "BBttRR B CG  r[cd||fzS)z-Generate a user name based in the instance idz STGU-%d-%drprr&s rYr+r+ ;* **r[rPrGcl|jd|g}fd|DS)z'Seach objectclass, return attr in a setz(objectClass={}))rrc:h|]}t|Srp)r)robjattrs rY z%search_objectclass..s# + + +sCD NN + + +r[)rr )rr7r^objss ` rYsearch_objectclassrasM 3:%,,[99f   D , + + +d + + ++r[ct|d}d}t|ddD]U}t||}||vr?t|||||dz }|dzdkrtd||fzV|S)zAdd users to the serverrPr7rrjr_2zCreated %u/%u users)rarr+rTrr)rrr?r@existing_objectsusersr&rMs rYgenerate_usersrgs)#6BBB E 61b ! !EEa(( ' ' ' [$ A A A QJErzQ 1UFOCDDD Lr[c"|rd||fzSd||fzS)z1Generate a machine account name from instance id.z STGM-%d-%dzPC-%d-%drp)rr&rKs rYr>r>s. -{A... [!,,,r[ct|d}d}t|ddD]Z}t|||}|dz|vr@t||||||dz }|dzdkrtd||fz[|S) z"Add machine accounts to the serverrErcrrjr_r_rdzCreated %u/%u machine accounts)rarr>rNrr) rrr?r@rKreaddedr&rMs rYgenerate_machine_accountsrks*#:FFF E 61b ! !PPKO<< #:- - - "3 T8#2 4 4 4 QJErzQ <vNOOO Lr[cd||fzS)z'Generate a group name from instance id.z STGG-%d-%drprYs rY group_namermrZr[ct|d}d}t|ddD]T}t||}||vr>t||||dz }|dzdkrtd||fzU|S)z3Create the required number of groups on the server.rVrcrrjr_rzCreated %u/%u groups)rarrmrWrr)rrr?regroupsr&rMs rYgenerate_groupsrps)#7CCC F 61b ! !GG+q)) ' ' ' k4 0 0 0 aKF}!! 2ff5EEFFF Mr[ct||} |j|dgdS#t$r}|j\}}|dkrYd}~dSd}~wwxYw)z7Remove the created accounts and groups from the server.z tree_delete:1 N)r4deleter rXr:s rYclean_up_accountsrtsx k " "B 2())))) f  R<<  <<<<<s& A AA c d} d} d} t||tdt||||} tdt |||||} |dkr+tdt |||} |dkrmtdt || || ||} tdt||| | } | dkr&| dkr || krt dtd| | | | fzd S) zTGenerate the required users and groups, allocating the users to those groups.rzGenerating dummy user accountsz!Generating dummy machine accountszGenerating dummy groupszAssigning users to groupszAdding users to groupsz(The added groups will contain no membersz:Added %d users (%d machines), %d groups and %d membershipsN) r;rrrgrkrpGroupAssignmentsadd_users_to_groupsrYwarning)rrr@number_of_usersnumber_of_groupsgroup_memberships max_membersmachine_accountstraffic_accountsmemberships_added groups_addedcomputers_added users_added assignmentss rYgenerate_users_and_groupsrs LO c; KK0111 k?HMMK KK3444/[0@(0@BBO! -...&sK9IJJ 1 /000&'7'3'6'2'8'2 44  ,---Ck:::'--//q[A--<''ABBB KKLo|"$$%%%%%r[cPeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d S) rvcd|_|||||||_t t |_||||||dS)Nr)r)generate_group_distributiongenerate_user_distributionr|rrr assign_groups)rrzrryrr{r|s rYrzGroupAssignments.__init__ s~  (()9::: ''9JKKK&&t,, +\?&(9 ; ; ; ; ;r[cg}t|}|dkrdSd}|D]}||z }|||z  |S)Nrr)rr)rweightsdistrY cumulative probabilitys rYcumulative_distributionz(GroupAssignments.cumulative_distributions_ G  A::4 " , ,K + %J KK U* + + + + r[c|dkrd}n|dkrd}n |dkrd}nd}g}td|dzD]+}tj|}||,|||_d S) zAProbability distribution of a user belonging to a group. i@KLg@ig@ig@g?r_N)rr* paretovariaterr user_dist)r num_usersnum_membershipsshaperrsrns rYrz+GroupAssignments.generate_user_distribution&s W $ $EE w & &EE v % %EEEq)a-((  A$U++A NN1    55g>>r[cg}td|dzD]}d|dzz }|| ||_|||_dS)z6Probability distribution of a group containing a user.r_g?N)rr group_weightsr group_dist)rrrrsrns rYrz,GroupAssignments.generate_group_distribution@si q!a%  AQV A NN1    %66w??r[ctj|jtj}tj|jtj}||fS)z2Returns a randomly generated user-group membership)bisectrr*rrrPrVs rYgenerate_random_membershipz+GroupAssignments.generate_random_membershipNs@}T^V]__== dov}??U{r[c|j|Sr)r)rrVs rYusers_in_groupzGroupAssignments.users_in_groupZs&&r[c4|jSr)rrrs rY get_groupszGroupAssignments.get_groups]s$$&&&r[ct|j|}||kr^td||d|j|dz <||j}||_dSdS)z?Prevent the group's membership from exceeding the max specifiedzGroup {0} has {1} membersrr_N)rrrrr rrr)rrVr| num_membersnew_dists rYcap_group_membershipz%GroupAssignments.cap_group_membership`s$*5122 + % % KK3::5+NN O O O-.D uqy )33D4FGGH&DOOO & %r[c||j|vr0|j|||xjdz c_|jr|||jdSdS)Nr_)rrr)r|rrs rYadd_assignmentzGroupAssignments.add_assignmentlsx t'. . .  U # * *4 0 0 0 JJ!OJJ   ?  % %eT-= > > > > > ? ?r[c|dkrdStjt|t|t|z z}|jrt ||j|z}||z dz }||z dz }||krY|\}} | |ks||kr||dz| dz||kWdSdS)a Allocate users to groups. The intention is to have a few users that belong to most groups, while the majority of users belong to a few groups. A few groups will contain most users, with the remaining only having a few users. rNr_)rSceilrr|r/rYrr) rrzrryrr{existing_usersexisting_groupsrPrVs rYrzGroupAssignments.assign_groupsxs   ! ! F!I # $ $ ;  %"8"8 8 :;;   I #$5$($47G$G!I!I *[8A=*\9A=jjll...99;;KD%&&$*?*?##D1Heai888 jjll.......r[c|jSrr)rs rYrYzGroupAssignments.totals zr[N)rwrxryrrrrrrrrrrrYrpr[rYrvrv s ; ; ;"???4 @ @ @   '''''' ' ' ' ? ? ?999Br[rvc|}d}d}|D]}||}t|dkr+t dt|dD]`}|||dz} t |||| |t| z }|dz }|dzdkrt d||fzadS)zDTakes the assignments of users to groups and applies them to the DB.rrr_rdzAdded %u/%u membershipsN)rYrrrradd_group_membersrr) r!rrrYr)rjrVrchunkchunk_of_userss rYrwrws      E E E''))HH$33E:: ~  ! # #  1c.11488 H HE+E%$,,>?N b+un E E E S(( (E QJErzQ 5FGGG HHHr[c t|| fd}|t||}tj}tj|||_|D]P}|t ||}dt|z} tj|tj d|| <Q| |dS)z(Adds the given users to group specified.cd|dS)Nr2rrp)rMrs rYbuild_dnz#add_group_members..build_dns!TT22&'r[zmember-memberN) r4rmrMessageDnrr+rMessageElement FLAG_MOD_ADDmodify) r!rrVrrgroup_dnmrPrBidxrs @rYrrs [ ! !B(((((x ;6677H A 6"h  ADII(9[$7788#d))##GS-=xHH#IIaLLLLLr[c tjj}d}d}d}i}t}t }||j} nd} | ddddd} dddd} t j|D]} t j || } t| d5}|D]} | d d }|d }|d }|d }t|d }t|d}t||z |}t||}||f}||g||ddkr|d z }n|d z }||xxd z cc<||| |#t$t&f$rd|vr| dd \}}|| vr'tt|| || |<nb|| vr'tt)|| || |<n7t+|tjnt+|tjYwxYw dddn #1swxYwY||z }|dkrd}n||z }|dkrd}n||z }t/|}t+d|zt+d||fzt+d||fzt1| D]0\}}t+d|dddz|fz1t1| D]0\}}t+d|dddz|fz1t+di}|D]5\}}||vrt ||<|||6t1|} | D]}t1||t8}!|!D]}||f}||}"t1|"}"t/|"}#||}t;|"|#z }$t=|"d}%t=|"d}&|"d|"dz }'|"d}(t> |d})t+d|||)|#||$|%|&|'|(f zdS) z/Generate and print the summary stats for a run.rNcdSrrp)rss rYtwzgenerate_stats..tws Dr[z2time conv protocol type duration successful error )z Maximum lagz Start lagzMax sleep miss)rrrr#rrr_r#rdr rTruerrOzTotal conversations: %10dz-Successful operations: %10d (%.3f per second)z-Failed operations: %10d (%.3f per second)z%-28s %frr^z%-28s %dzProtocol Op Code Description Count Failed Mean Median 95% Range Max)rrgffffff?rjrz?%-12s %4s %-35s %12d %12d %12.6f %12.6f %12.6f %12.6f %12.6f)!rS float_infor0rr?writerlistdirrrrrrrr/rrr9rk IndexErrorrrRrTrsortedrreplacer opcode_keyrcalc_percentilerr)*r timing_filerXrZ successfulfailed latenciesfailuresunique_conversationsr float_values int_valuesrrrHrrrr packet_typelatencyropr%rr success_rate failure_rater7opsprotor protocols packet_typesr2r)meanmedian percentilerngmaxvrs* rYgenerate_statsrs#EDJFIH55     BBCCCL "#$%J Jx((&5&5w||Hh// $__$ 5# 5# 5"5#';;t#4#4#:#:4#@#@F#)!9L#)!9H#)!9K#(#3#3GfQi((A#&q7{E#:#:E#&q$<q//C/CLOO*__,/A0:1 -?-?JqMM"$SZ88888d4444 5-# 5$ 5$ 5$ 5$ 5$ 5$ 5$ 5$ 5$ 5$ 5$ 5$ 5$ 5$ 5$ 5Le|HQ !H,  {{ ( ,--M '- 7888 9  & '((( 9 \ " #$$$|))++,,;;1 jAIIc3//#5q99::::z''))**;;1 jAIIc3//#5q99::::  *+++ C" v   CJ E vsxxzz""Ic(m<<< '  KK(B"2FFVE!"FVu,D(66F(66JfQi/CD(,,R44D 0        s8!I:(DF+)I:+B;I* &I:)I* *I::I> I> cL dt|zS#t$r|cYSwxYw)zCSort key for the operation code to ensure that it sorts numericallyz%03d)rrk)rs rYrrK s;A s  ##c0|sdSt|dz |z}tj|}tj|}||kr|t |S|t |||z z}|t |||z z}||zS)ztCalculate the specified percentile from the list of values. Assumes the list is sorted in ascending order. rr_)rrSfloorrr)r2rr%rHrmd0d1s rYrrS s q VqJ&A 1 A ! AAvvc!ff~ A1q5 !B A1q5 !B 7Nr[ctjj|}tjd}tj|tj||S)zuIn a testenv we end up with 0777 directories that look an alarming green colour with ls. Use umask to avoid that.?)rrrumaskmkdir)rrfmasks rYr>r>e s>  dA 8E??DHQKKKHTNNN Hr[r)r_r#)r_r) NNNNrNNr%F)T)rPrG)yrrr*rdrSrSrr#rr collectionsrrrr dns.resolverr r! samba.emulater samba.samdbr rr samba.dcerpcr rrrrsamba.dcerpc.netlogonrrrsamba.drs_utilsrrasamba.credentialsrrr samba.authr samba.dsdbrrrrsamba.dcerpc.miscrsambarr samba.commonr! samba.loggerr"rrcrjrrQrrrrUrRrsrQrwrrZrfrtrrvobjectr{rrrrrrr:r?rDrFrHrrrrrrrr(r2r4r;r<rArNrTrWr+rargr>rkrmrprtrrvrwrrrrr>rpr[rYrsA ( EEEEEEEEEEEE++++++)))))) ))))))//////////!!!!!!444444&&&&&&OOOOOOOOOO%%%%%% +*****######))))))        ?>>   ""  x ( ( (666$      0     i   O<O<O<O<Od*d*d*d*d*6d*d*d*NKWKWKWKWKW KWKWKW\2B2B2B2Bj+++      ]]]]]6]]]@ 4D 4   D   D  T d D d 4ttD d  D! &_3_6_:_9 _ ? _ ; _O_O_Y_f_j_j_o_*_g_ Z!_"'#__$*%_&h'_(~)_**+_,j-_.o/_0&1_2+3_4%5_6b7_8=9_:>;_<?=_>??_@#A_B?C_D#E___F'G_H&I_J7K_L0M_N%O_P'Q_R(S_T7U_V:W_X4Y_Z5[_\4]_^4__`1a_b6c_d8e_f3g___hIi_j(k_lMm_nLo_pKq_r7s_t&u_vJw_xOy_z&{_|?}_~>_@JA_B=C_Dg_h?i_j=k__l$D 5'%}___D<<<<~F"P7P7P7P7fEEE :"z"8#/00   ,0    2222$   +++ ,,,,    - - - - /3"+++      BF*%*%*%*%ZQQQQQvQQQhHHH0(D$     r[