Introduction
UMPA stands for Umit's Manipulations of Packets Art. It is a library for packet manipulation. It was born during GSoC 2008 as one of Umit's projects, and it is used as a backend for the Packet Manipulator GUI (another Umit project). The main feature of the library is preparing and sending packets over the network. This year, I would like to extend the library to make it really useful in many other cases, and also to support long-term and short-term simulations.
Project details
There are 4 main features which I would like to hack.
Sniffing
libpcap wrapping
Currently, UMPA doesn't receive packets. It works only one way (sending). The ideal option to support receiving packets is to use the common library called libpcap. With it, we can use a well-known format to save and load files with network data. This common and compatible format allows files to be reused with other applications. To use this library with UMPA, a Python wrapper is needed. There are several wrappers, like impacket[1], pylibpcap[2] and pypcap[3]. Due to licence incompatibility or an unsupported Windows platform, I would like to use pypcap as the Python wrapper for the libpcap library. There are still some problems with the wrapper (e.g. the function pcap_dispatch() is not supported), but summing up all the pros and cons, this choice fits our needs better than the others.
So first, I'm planning to extend pypcap for our needs. I will add pcap_dispatch() functionality and any others if needed. I will test the wrapper against the most common operating systems like GNU/Linux, MS Windows or MacOSX. I have already talked with the main author of pypcap; he agrees with this idea and is glad that I would join pypcap's community.
receiving packets
After preparing and testing pypcap, I'm going to write receiving support for UMPA. It will be done by providing an API with functions like available_devices(), receive_one(), receive_loop() and others. I'm going to talk with the author of PacketManipulator about his needs in this scope and to set a common API together. Packet filtering will be available too.
Also, I will provide a function for a simple action-reaction system (using pcap_dispatch()). In this system, the user can register callback functions for expected network frames. A simple scenario: the user sends packet A and expects response B or C. He registers 2 callbacks with the receiving system, and depending on which response is received (B or C), the appropriate function will be called.
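The action-reaction scenario above, sketched as an added example (not UMPA or pypcap code). `Reactor`, `icmp_type` and `make_icmp` are hypothetical names, and the choice of ICMP echo reply as "B" and destination unreachable as "C" is an assumption made for illustration; the sample packets are constructed in memory.

```python
import struct

ICMP_ECHO_REPLY = 0      # response "B" in this constructed scenario
ICMP_DEST_UNREACH = 3    # response "C" in this constructed scenario

def icmp_type(packet):
    """Return the ICMP type of a raw IPv4 packet, or None if it is not ICMP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                       # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                       # bad IHL, not protocol 1, or truncated
    return packet[ihl]

class Reactor:
    """Hypothetical action-reaction registry (illustrative, not UMPA's API)."""
    def __init__(self):
        self._handlers = []               # (predicate, callback) in registration order

    def register(self, predicate, callback):
        self._handlers.append((predicate, callback))

    def dispatch(self, packet):
        """Call the first callback whose predicate matches; None if nothing matched."""
        for predicate, callback in self._handlers:
            if predicate(packet):
                return callback(packet)
        return None

def make_icmp(type_value, src=(192, 0, 2, 1), dst=(192, 0, 2, 2)):
    """Constructed IPv4+ICMP sample (checksums left at zero; never sent anywhere)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes(src), bytes(dst))
    return ip + struct.pack("!BBHHH", type_value, 0, 0, 1, 1)

def demo():
    reactor = Reactor()
    reactor.register(lambda p: icmp_type(p) == ICMP_ECHO_REPLY,
                     lambda p: "echo-reply")
    reactor.register(lambda p: icmp_type(p) == ICMP_DEST_UNREACH,
                     lambda p: "unreachable")
    samples = [make_icmp(0), make_icmp(3), make_icmp(8), b"\x45\x00"]
    return [reactor.dispatch(p) for p in samples]

if __name__ == "__main__":
    print(demo())
```

Frames that match no registered expectation, and truncated input, fall through to `None` instead of raising, which is what a long-running receive loop needs.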
Asynchronous Scheduler
UMPA provides an extension called scheduler. It provides functionality to set an initial delay for sending packets and an interval between sending subsequent frames. This extension in its current state is blocking. It means that during a delay or interval, the library freezes the process (UMPA uses the time.sleep() function). My goal is to write a new scheduler which will be non-blocking. Because UMPA is a library, using multiprocessing is improper. Threads are not the best option either. They would solve part of the problem, like not freezing the process, so a GUI like PacketManipulator wouldn't be frozen either. On the other hand, new problems would occur with thread synchronization while receiving packets. To avoid this, I'm going to use an asynchronous technique. There are several existing frameworks for this (Twisted[4], asyncore[5] and others). I'm going to use asyncore for several reasons:
- it's distributed with Python Standard Library (no additional dependencies)
- it's very lightweight (minimal additional CPU load)
- it avoids writing an asynchronous scheduler from scratch (and speeds up the development process)
The only problem is that asyncore currently doesn't support future callbacks. There is an open ticket for this issue[6] with attached patches, and it's going to be committed soon. I'm going to rewrite this patch to get backward compatibility with Python versions older than trunk, and distribute my own version of asyncore with UMPA (in a fully compatible manner).
After all, UMPA will provide both schedulers, blocking and non-blocking. The reason to keep both is to give users a chance to pick the one appropriate for their own needs (blocking scheduling provides a friendlier environment and is easier to use for short applications).
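To make the blocking versus non-blocking difference concrete, here is an added example (not UMPA code and not the asyncore patch). It assumes a heap-based delayed-call queue as one common way to implement future callbacks; `NonBlockingScheduler`, `call_later`, `poll` and `next_timeout` are hypothetical names, and asyncore itself is deliberately not imported.

```python
import heapq
import itertools
import time

class NonBlockingScheduler:
    """Hypothetical delayed-call queue: poll() runs what is due and never sleeps."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._heap = []                  # (due, seq, interval, remaining, callback)
        self._seq = itertools.count()    # tie-breaker: equal due times run FIFO

    def call_later(self, delay, callback, interval=None, repeat=1):
        """Run callback after `delay` seconds; with `interval`, `repeat` runs in total."""
        entry = (self._clock() + delay, next(self._seq), interval, repeat, callback)
        heapq.heappush(self._heap, entry)

    def poll(self):
        """Run every callback that is due now; return how many ran."""
        ran, now = 0, self._clock()
        while self._heap and self._heap[0][0] <= now:
            due, _, interval, remaining, callback = heapq.heappop(self._heap)
            callback()
            ran += 1
            if interval is not None and remaining > 1:
                entry = (due + interval, next(self._seq), interval,
                         remaining - 1, callback)
                heapq.heappush(self._heap, entry)
        return ran

    def next_timeout(self):
        """Seconds until the next due call (a select()/poll() timeout), or None."""
        if not self._heap:
            return None
        return max(0.0, self._heap[0][0] - self._clock())

def demo():
    now = [0.0]                          # constructed fake clock, advanced by the loop
    sent = []                            # stands in for "send packet X"
    sched = NonBlockingScheduler(clock=lambda: now[0])
    sched.call_later(2.0, lambda: sent.append(("A", now[0])), interval=1.0, repeat=3)
    sched.call_later(2.5, lambda: sent.append(("B", now[0])))
    for tick in range(11):               # host loop: 0.0 .. 5.0 s in 0.5 s steps
        now[0] = tick * 0.5
        sched.poll()                     # returns immediately, so a GUI stays responsive
    return sent

if __name__ == "__main__":
    print(demo())
```

Rescheduling from the previous due time rather than from the current time keeps the interval from drifting when the host loop polls late.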
Template System
The third feature which I'm going to implement is the template system.
A long-term simulation use case describes the goals of this idea:
The user prepares a scenario of the network simulation. He sets rules and behaviours for received packets. UMPA will create new packets on demand and will be able to use information from the received packets to construct suitable packets to send back. By creating a complex scenario, it's possible to keep UMPA alive for weeks and simulate the behaviour of some hardware or software.
UMPA will become a really powerful tool with this feature. It can be used in many simulation processes by hackers or even scientists (to analyse or prove scientific theories). The template system will also be useful in daily short-term cases, like checking the stability of network hardware by administrators. This feature provides some intelligence for the created packets!
The template system will be based on Python files for 2 reasons.
- it will get some features at low cost (like loops, conditions)
- a user of the UMPA library knows Python and doesn't have to learn another (template) language
Additional functions will be provided to make templates easy to write, especially for long-term cases where using too many conditions may fail (e.g. to generate a sequence of packets). To clarify, the async scheduler will be a strongly integrated part of the template system.
Real use case implementation
I use UMPA in my master's thesis. In short, the thesis is about long-term spoofing on layers 2 and 3 of the OSI model to provide some undetectable system without MAC collisions. I will provide the scenario related to this. There are some benefits of this:
- the user gets a complex and academic scenario example (probably it will touch every UMPA feature, so it's good for an overview)
- I will meet a real problem and use case (not only an abstract one) and will get a chance to see what is missing in UMPA or the template system and could add more functionality
- I will prepare scientific papers after graduating, which will promote UMPA and the Umit Project to a wide audience (scientists, hackers, etc.)
Protocol Implementation
I will implement missing protocols like ICMP or ARP. There are a few limitations in the core of UMPA for implementing e.g. ICMP. I will restructure or rewrite part of the core code if I come across any problems during the implementation phase.
Quality of the source code
I'm going to follow the test-driven development[7] method. It will help avoid unexpected errors and bugs, and increase the general quality of the code. It also helps to find bugs and fix them quickly.
Summary
Here is a list of features which should be done during GSoC:
- directly for UMPA
  - sniffing/receiving packets
  - asynchronous scheduling
  - template system
  - some others which will result from the above: action-reaction, sequence generator
- indirectly for UMPA
  - new features for the pypcap library
  - backport of future callbacks for the asyncore module
  - unit tests for UMPA
Project Schedule
I'm able to spend up to 50 hours weekly on this project. This is my only task during the summer and I'm going to be completely focused on this project. Also, I don't have any classes this semester and I don't need time for an exam period.
| 23.05-29.05 | libpcap wrapper: understand the architecture, write missing features, test on common platforms |
| 30.05-06.06 | receive packets support |
| 07.06-11.06 | action-reaction: provide API, implement backend |
| 11.06-18.06 | asyncore patch backporting |
| 19.06-08.07 | asynch scheduler support |
| 09.07-26.07 | template system: provide API, sequence generator |
| 27.07-02.08 | prepare an example long-term scenario (related to my master's thesis) and tune the template system to the needs that occur |
| 03.08-09.08 | implement missing protocols (ARP, ICMP and others) and possible changes in core of UMPA |
| 10.08-17.08 | improve documentation, test whole application, release new version of UMPA, prepare package for Google |
References
[1] http://oss.coresecurity.com/projects/impacket.html
[2] http://pylibpcap.sourceforge.net
[3] http://code.google.com/p/pypcap/
[5] http://docs.python.org/library/asyncore.html
