-
Notifications
You must be signed in to change notification settings - Fork 46
/
readme
627 lines (435 loc) · 22 KB
/
readme
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
weewx-interceptor
Copyright 2016-2020 Matthew Wall
Distributed under terms of the GPLv3
This is a driver for weewx that receives and parses network traffic. It can
be used with a variety of "internet bridge" devices including:
- Acurite Internet Bridge (also known as the SmartHub)
- Acurite Access
- Oregon Scientific LW301/302
- Fine Offset HP1000/WH2600
- Fine Offset GW1000 (ecowitt protocol)
- Fine Offset wifi consoles (including Ambient)
- LaCrosse GW1000U
With the device_type set to 'wu-client', it can be used with any weather
station that sends directly to weather underground, including the Ambient
S2902 stations and the Acurite Atlas stations via the Acurite Access.
With the device_type set to 'ecowitt-client', it can be used with any weather
station that sends data using the ecowitt protocol, including the Fine Offset
GW1000.
This driver is also useful if you want to use an internet-based weather station
for which the vendor no longer provides online services. For example, Oregon
Scientific shut down their internet gateway, so the LW30x stations now try to
send data to servers that no longer exist. Acurite shut down their myacurite
and aculink services, thus abandoning those who purchased the acurite bridge.
But with a simple DNS entry and the interceptor driver, you can continue to
receive data from these stations.
There are two modes of operation: listen and sniff.
In listen mode, the driver runs a socket server on a dedicated thread. Data
posted to that server are parsed then processed as sensor inputs.
In sniff mode, the driver runs a packet sniffer on a dedicated thread. Data
captured by sniffing are parsed then processed as sensor inputs.
Sniff mode is typically used when you want the device to continue to talk to
the servers it was designed to talk to. In sniff mode, the interceptor will
capture data, but will not interfere with communication. Listen mode is used
when you want the device to talk to *your* server. In listen mode, the
interceptor will capture all communications. So use listen mode when the
vendor no longer provides network services.
Many of these devices support more than just a single cluster of wind, rain,
and temperature/humidity sensors. The sensor_map associates sensor readings
with database fields. You can define your own sensor_map, or you can use the
sensor_map_extensions to override the default sensor_map. The sensor_map is
also used to distinguish between different sensors of the same type, using
hardware and/or channel identifiers that are broadcast by each sensor.
Warning! This driver is experimental. It is fully tested and seems to work
as designed with the Acurite bridge, the Acurite Access, the Fine Offset
HP1000 and WH2600, the Oregon Scientific LW stations, the LaCrosse GW1000U,
and many other devices that use the WU protocol. However, the implementation
is a proof-of-concept to help understand how these devices work. My intent is
to push the components into weewx, at which time the driver will be refactored
to simplify setup for each type of weather station.
===============================================================================
Prerequisites
The 'listen' mode (default) has no pre-requisites.
The 'sniff' mode requires installation of the pypcap or pylibpcap module, each
of which in turn depends on libpcap. Install the pcap dependencies using pip:
sudo pip install pypcap
or using apt-get on debian systems:
sudo apt-get install python-libpcap
===============================================================================
Installation
0) install weewx, select 'Simulator' driver
http://weewx.com/docs/usersguide.htm#installing
1) download the interceptor driver
wget -O weewx-interceptor.zip https://github.com/matthewwall/weewx-interceptor/archive/master.zip
2) install the driver
sudo wee_extension --install weewx-interceptor.zip
3) configure the driver
sudo wee_config --reconfigure --driver=user.interceptor --no-prompt
4) start weewx
sudo /etc/init.d/weewx start
===============================================================================
Driver options
To configure the driver beyond the default values, set parameters in the
[Interceptor] section of the weewx configuration file.
For example, to listen on port 8000 instead of the default port 80:
[Interceptor]
driver = user.interceptor
device_type = observer
port = 8000
To provide the hardware name of your weather station:
[Interceptor]
driver = user.interceptor
device_type = observer
hardware_name = WS-2902A
port = 8000
To listen on port 8080 on the network interface with address 192.168.0.14:
[Interceptor]
driver = user.interceptor
device_type = lw30x
port = 8080
address = 192.168.0.14
To sniff packets from 192.168.0.14 on network interface eth1:
[Interceptor]
driver = user.interceptor
device_type = acurite-bridge
mode = sniff
iface = eth1
pcap_filter = src 192.168.0.14 and dst port 80
For hardware such as the Acurite bridge or LW30x that support multiple remote
sensors, use the sensor_map to map the sensors to database fields. For
example:
[Interceptor]
driver = user.interceptor
device_type = acurite-bridge
...
[[sensor_map]]
inTemp = temperature.06022.* # sensor id 06022
outTemp = temperature.05961.* # sensor id 05961
[Interceptor]
driver = user.interceptor
device_type = lw30x
...
[[sensor_map]]
inTemp = ot.2:*.* # sensor on channel 2
outTemp = ot.1:*.* # sensor on channel 1
For hardware such as the GW1000 that use the ecowitt-client protocol, use the
sensor_map_extensions to add/modify sensor mappings without having to specify
the entire mapping. For example, this would use the readings from the first
temperature sensor as the indoor temperature, and the readings from the fourth
temperature sensor as the outdoor temperature. All of the other sensors would
be mapped using the default sensor mapping for ecowitt-client.
[Interceptor]
driver = user.interceptor
device_type = ecowitt-client
...
[[sensor_map_extensions]]
inTemp = temperature_1
inHumidity = humidity_1
outTemp = temperature_4
outHumidity = humidity_4
===============================================================================
How to run the driver directly
The driver can be run directly for diagnostic purposes. This can be useful
when setting up the capture pipeline or for determining the sensor identifiers.
For example, to run in sniff mode, looking for acurite bridge sensor data:
PYTHONPATH=bin python bin/user/interceptor.py --device=acurite-bridge --mode=sniff --iface=eth0 --filter="src 192.168.0.4 and dst port 80"
To run in listen mode, looking for LW302 sensor data on port 9000:
PYTHONPATH=bin python bin/user/interceptor.py --device=lw30x --mode=listen --port=9000
Specify help for a full list of options:
PYTHONPATH=bin python bin/user/interceptor.py --help
===============================================================================
Example: Ecowitt GW1000 in listen mode on port 8000
1) Using the WSView app, go to the 'customized' page and configure the GW1000
to send to the weewx computer on port 8000 using the ecowitt protocol
2) Configure the interceptor
[Interceptor]
driver = user.interceptor
device_type = ecowitt-client
port = 8000
===============================================================================
Example: Acurite Bridge in listen mode, traffic redirected by DNS hijack
1) Configure the DNS server for the local network. Make a DNS entry for one
(or both) of these names so that they map to the IP address of the computer
running the interceptor driver:
hubapi.myacurite.com # firmware 126 uses this name
www.acu-link.com # firmware 224 uses this name
2) Configure the interceptor
[Interceptor]
driver = user.interceptor
device_type = acurite-bridge
port = 80
===============================================================================
Example: LW302 in listen mode, traffic redirected by DNS hijack
1) Configure the DNS server for the local network. Make a DNS entry for this
name so that it maps to the IP address of the computer running the
interceptor driver:
gateway.weather.oregonscientific.com
2) Configure the interceptor
[Interceptor]
driver = user.interceptor
device_type = lw30x
===============================================================================
Example: Observer in listen mode
1) Configure the Observer to send data to the computer on which interceptor
is running.
2) Set parameters in the weewx configuration file:
[Interceptor]
driver = user.interceptor
device_type = observer
===============================================================================
Example: GW1000U
1) Use the GAS utility to set the proxy on the gateway to the computer on which
interceptor is running.
2) Optionally set parameters in the weewx configuration file:
[Interceptor]
driver = user.interceptor
device_type = lacrosse-bridge
serial = 7FFFXXXXXXXXXXXX # 16-character registration key
sensor_interval = 1 # numer of minutes between sensor updates
history_interval = 3 # integer value in [0-7]
ping_interval = 120 # number of seconds between gateway pings
===============================================================================
Example: sniff mode for any WU client
This example assumes two network interfaces on the computer running weewx.
1) Plug the computer into the local network using the first interface (eth0).
Plug the device into the second interface (eth1).
Bridge the two network interfaces.
If you run any web services on the computer, configure them to listen on
interface eth0, not eth1.
2) Set parameters in the weewx configuration file. The device has IP address
of X.X.X.X
[Interceptor]
driver = user.interceptor
device_type = wu-client
mode = sniff
iface = eth1
pcap_filter = src X.X.X.X and dst port 80
===============================================================================
Example: Acurite Bridge in sniff mode
As of Feb2019, sniffing traffic bound for acurite servers no longer works,
since acurite no longer runs the aculink or myacurite servers.
1) The interceptor must be running on a computer that can see traffic from the
acurite bridge. For example, run weewx on a raspberry pi that has both a
wired network interface and a wifi network interface. Connect the acurite
bridge to the wired interface, and connect the rpi wireless to the local
wireless network. Configure the rpi to bridge or route traffic between
wired and wireless interfaces.
Using iptables, routing would look something like this:
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
If the acurite bridge is the only device on the wired interface, you must
also run a DHCP server on the rpi that will give the acurite bridge a valid
IP address.
2) Configure the interceptor
[Interceptor]
driver = user.interceptor
device_type = acurite-bridge
mode = sniff
iface = eth0
pcap_filter = src X.X.X.X and dst port 80
Where X.X.X.X is the IP address of the acurite bridge on the wired interface.
===============================================================================
Example: LW302 in sniff mode
As of 2018, sniffing traffic bound for oregon scientific servers no longer
works, since oregon scientific shut down their servers.
1) Plug LW302 into first network interface eth0 on computer running weewx.
Bridge the two network interfaces eth0 and eth1 on the computer running
weewx.
2) Set parameters in the weewx configuration file. The LW302 has IP address
of X.X.X.X
[Interceptor]
driver = user.interceptor
device_type = lw30x
mode = sniff
iface = eth0
pcap_filter = src X.X.X.X and dst port 80
===============================================================================
Example: Acurite Bridge in listen mode, traffic sniffed at router
1) Create a script that captures data from the bridge and sends it to the
computer on which weewx runs. The router address is Z.Z.Z.Z, the acurite
bridge address is X.X.X.X, the computer running the interceptor is Y.Y.Y.Y.
#!/bin/sh
# remote to the router, capture traffic, and send to interceptor
ssh Z.Z.Z.Z "tcpdump -U -w - -i vr1 src X.X.X.X and port 80" | combine-lines.pl | xargs -n 1 curl http://Y.Y.Y.Y:9999 -s -d
2) Configure the interceptor
[Interceptor]
driver = user.interceptor
device_type = acurite-bridge
port = 9999
===============================================================================
Reference: Generic configurations
Here are some example configurations, from simplest to most complicated.
Example 1: weewx is running on host 'pi' and nothing is listening on port 80.
Configure the driver to listen on port 80 and configure the internet bridge to
send to the host 'pi' instead of the cloud.
Example 2: weewx is running on host 'pi' with two bridged network interfaces,
eth0 and eth1. Plug the internet bridge into one interface and the network
into the other interface. Configure the driver to sniff traffic from the
internet bridge.
Example 3: weewx is running on host 'pi', nothing is listening on port 80, and
the internet bridge cannot be configured. Configure the driver to listen on
port 80. Add a DNS entry so that traffic from the internet bridge is sent to
'pi' instead of the cloud.
Example 4: weewx is running on host 'pi', nothing is listening on port 80, and
the internet bridge cannot be configured. Configure the driver to listen on
port 80. Configure the router to redirect traffic from the internet bridge
and send it to 'pi' instead of the cloud.
Example 5: weewx is running on host 'pi', which has a web server on port 80
to display weewx reports. Configure the driver to listen on port 9999. Add a
reverse proxy to the web server configuration to direct traffic on port 80 from
the device to port 9999. Add a DNS entry so that traffic from the device is
sent to 'pi' instead of the cloud.
===============================================================================
Reference: How to intercept data
These are strategies for getting data to the driver when the simple approach
(direct from device to driver) is not possible:
1) Hijack DNS
use a local DNS entry to make the internet bridge send directly to weewx
internet_bridge ---> driver ( ---> web_service )
2) HTTP proxy/redirect
configure the internet bridge to send to an HTTP proxy that you control
internet_bridge ---> proxy ---> driver ( ---> web_service )
3) Packet capture
listen to traffic on the network and capture anything from the bridge
internet_bridge ---> tap ( ---> web_service )
\-> driver ( ---> web_service )
Which one you choose depends on your network configuration, network hardware,
and your ability to add and configure devices on the network.
In the examples that follow,
X.X.X.X is the address of the internet bridge
Y.Y.Y.Y is the address of the computer on which weewx is running
PPPP is the port on which the driver is listening
===============================================================================
1) Hijack DNS
Change the DNS entry so that the internet bridge device sends directly to the
driver. If you control DNS on the network, you can make the internet bridge
send to the driver by creating a DNS entry for the host to which the internet
bridge tries to send its data.
The examples that follow use hubapi.myacurite.com. For acurite devices with
firmware 224 you should use www.acu-link.com. For LW30x devices use
gateway.weather.oregonscientific.com.
1a) If you run pfsense, simply add an entry in the Services -> DNS forwarder
host: hubapi
domain: myacurite.com
ip address: Y.Y.Y.Y
OpenWrt has a similar configuration.
1b) If you run your own nameserver, add an entry to your DNS configuration.
For example, a bind9 configuration looks something like this:
In the file /etc/bind/named.conf.local:
zone "hubapi.myacurite.com" {
type master;
file "/etc/bind/myacurite.com";
};
In the file /etc/bind/myacurite.com:
$TTL 604800
@ IN SOA dns.hubapi.myacurite.com. root.hubapi.myacurite.com. (
2016032001 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.hubapi.myacurite.com.
@ IN A Y.Y.Y.Y
* IN A Y.Y.Y.Y
* IN AAAA ::1
This will redirect any requests to hubapi.myacurite.com, but it will not
redirect any requests to myacurite.com.
1c) Alternative bind configuration using DNS views. This configuration sends
the hijacked DNS entry for queries from the weather station, but the standard
DNS entry for wunderground for every other DNS client query. Thanks to Lee H-W
for this very simple DNS solution.
view "watson" {
match-clients { 172.17.1.131/32; }; // weather station
recursion yes;
// view statements as required
zone "rtupdate.wunderground.com" {
type master;
file "/etc/bind/override1.zone";
};
};
===============================================================================
2) HTTP proxy/redirect
Use a proxy to capture HTTP traffic and redirect it to the driver, and use
DNS hijack or direct configuration of the device to make the internet bridge
send to the web proxy. Then configure the web server as a reverse proxy or
with a redirecting CGI script.
2a) Here is an example of an Apache 'reverse proxy' configuration for the
Acurite internet bridge. The Apache server sends any requests from the
internet bridge to the driver.
In the file /etc/apache2/conf.d/myacurite.conf:
RewriteEngine on
RewriteCond %{HTTP_POST} www.myacurite.com
RewriteRule ^/weatherstation(.*)$ http://Y.Y.Y.Y/weatherstation$1
2b) Another option is to use an Apache CGI script. Put a script alias in
the file /etc/apache2/conf.d/myacurite.conf:
ScriptAlias /weatherstation/updateweatherstation/ /usr/lib/cgi-bin/myacurite
and copy the cgi script util/usr/lib/cgi-bin/myacurite to the Apache
cgi-bin directory (nominally /usr/lib/cgi-bin).
2c) Here is a reverse proxy configuration for the nginx web server:
server {
location /weatherstation/ {
proxy_pass http://Y.Y.Y.Y:PPPP/;
}
}
===============================================================================
3) Packet capture configurations
There are many ways to capture traffic. In each case, traffic is intercepted
then sent to the driver. The capture and the driver might run on the same
device, or they can run on separate devices. The traffic may also be sent on
to its original destination.
One strategy is to use a network capture tool such as tcpdump or ngrep to
capture traffic, then use a tool such as nc to direct the traffic to the
driver. Another strategy is to use firewall rules to capture and redirect
traffic.
If the source sends each HTTP request in a single line (e.g., the LW30x or the
Observer), then tcpdump, ngrep, or tcpflow will probably work fine. However,
if the source sends each request in multiple packets (e.g., Acurite bridge
with firmware after July 2016), you will have to use a utility such as
combine-lines.pl (in the util folder) before re-sending the request.
Here are examples of how to capture packets:
option 1: redirect traffic using iptables firewall rules
iptables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port PPPP
option 2: capture using tcpdump, redirect using nc
tcpdump -i eth0 src X.X.X.X and port 80 | nc Y.Y.Y.Y PPPP
tcpdump -i eth0 dst hubapi.myacurite.com and port 80 | nc Y.Y.Y.Y PPPP
option 3: capture using ngrep, redirect using nc
ngrep -l -q -d eth0 'ether src host X.X.X.X && dst port 80' | nc Y.Y.Y.Y PPPP
option 4: capture using tcpdump via a secure connection to the router
ssh Z.Z.Z.Z "tcpdump -U -w - -i vr1 src X.X.X.X and port 80" | nc localhost PPPP
option 5: capture using ngrep, filter with sed, forward with curl
ngrep -l -q -d eth0 'xxxxxxxxxxxx' | sed -u '/mac=/!d' | xargs -n 1 curl http://Y.Y.Y.Y:PPPP -s -d
option 6: use stdbuf and strings to extract fragments from tcpdump
tcpdump -Anpl -s0 -w - -i eth0 src X.X.X.X and dst port 80 | stdbuf -oL strings -n8 | combine-lines.pl | xargs -n 1 curl http://Y.Y.Y.Y:PPPP -s -d
option 7: capture using tcpflow
tcpflow -C -i eth0 -s0 tcp dst port 80 | combine-lines.pl | xargs -n 1 curl http://Y.Y.Y.Y:PPPP -s -d
===============================================================================
Here are configurations that use packet capture:
a) Firewall-on-Router
Use firewall rules to redirect traffic from the internet bridge to the driver.
b) Bridge
Configure a computer or other device with two network interfaces to physically
bridge between the internet bridge and the regular network. Plug the internet
bridge into one port, and connect the other port into the local network. The
bridge captures traffic and sends it to the driver.
c) Tap-on-Router
Capture traffic on the network's edge router. This can be done with a script
that captures traffic from the internet bridge and sends it to the driver.
d) Tap-on-Hub
Configure a device connected to the same hub as the internet bridge. Since
any device on a hub can see the network traffic from any other device on the
hub, simply listen for traffic from the internet bridge then send it to the
driver.
e) Tap-on-Switch
Configure a device that is connected to a managed switch. Unmanaged switches
will not work. Configure the switch to mirror the traffic from one port to a
second port. Configure a device on the second port to capture traffic from
the internet bridge then send it to the driver.
f) Tap-on-wireless
Configure a device that is connected to the same wireless network as the
internet bridge, or on a wireless segment that is between the internet bridge
and the edge router. This will probably only work on open, unencrypted
wireless networks.