module PatronusFati::MessageProcessor::Bssid
Public Class Methods
ap_data(attrs)
click to toggle source
# File lib/patronus_fati/message_processor/bssid.rb, line 4 def self.ap_data(attrs) { bssid: attrs[:bssid], type: attrs[:type], channel: attrs[:channel] }.reject { |_, v| v.nil? } end
process(obj)
click to toggle source
# File lib/patronus_fati/message_processor/bssid.rb, line 12 def self.process(obj) # Ignore the initial flood of cached data and any objects that would have # already expired return unless PatronusFati.past_initial_flood? && obj.lasttime >= PatronusFati::DataModels::AccessPoint.current_expiration_threshold # Some messages from kismet come in corrupted with partial MACs. We care # not for them, just drop the bad data. return unless obj.bssid.match(/^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$/) # Ignore probe requests as their BSSID information is useless (the ESSID # isn't present and it's coming from a client). return unless %w(infrastructure adhoc).include?(obj.type.to_s) # Only create new access points if we're seeing it at a meaningful # detection strength return unless PatronusFati::DataModels::AccessPoint.exists?(obj.bssid) || obj.signal_dbm > PatronusFati::SIGNAL_THRESHOLD ap_info = ap_data(obj.attributes) access_point = PatronusFati::DataModels::AccessPoint[obj.bssid] access_point.update(ap_info) access_point.last_dbm = obj.signal_dbm if obj.signal_dbm access_point.presence.mark_visible access_point.announce_changes nil end