dpkt.snoop

1 # $Id$ 2 # -*- coding: utf-8 -*- 3 """Snoop file format.""" 4 from __future__ import absolute_import 5 6 import time 7 8 from . import dpkt 9 10 # RFC 1761 11 12 SNOOP_MAGIC = 0x736E6F6F70000000 13 14 SNOOP_VERSION = 2 15 16 SDL_8023 = 0 17 SDL_8024 = 1 18 SDL_8025 = 2 19 SDL_8026 = 3 20 SDL_ETHER = 4 21 SDL_HDLC = 5 22 SDL_CHSYNC = 6 23 SDL_IBMCC = 7 24 SDL_FDDI = 8 25 SDL_OTHER = 9 26 27 dltoff = {SDL_ETHER: 14} 28 29

30 -class PktHdr(dpkt.Packet):

31 """snoop packet header. 32 33 TODO: Longer class information.... 34 35 Attributes: 36 __hdr__: Header fields of snoop packet header. 37 TODO. 38 """ 39 40 __byte_order__ = '!' 41 __hdr__ = ( 42 ('orig_len', 'I', 0), 43 ('incl_len', 'I', 0), 44 ('rec_len', 'I', 0), 45 ('cum_drops', 'I', 0), 46 ('ts_sec', 'I', 0), 47 ('ts_usec', 'I', 0), 48 )

49 50

51 -class FileHdr(dpkt.Packet):

52 """snoop file header. 53 54 TODO: Longer class information.... 55 56 Attributes: 57 __hdr__: Header fields of snoop file header. 58 TODO. 59 """ 60 61 __byte_order__ = '!' 62 __hdr__ = ( 63 ('magic', 'Q', SNOOP_MAGIC), 64 ('v', 'I', SNOOP_VERSION), 65 ('linktype', 'I', SDL_ETHER), 66 )

67 68

69 -class Writer(object):

70 """Simple snoop dumpfile writer. 71 72 TODO: Longer class information.... 73 74 Attributes: 75 TODO. 76 """ 77

78 - def __init__(self, fileobj, linktype=SDL_ETHER):

79 self.__f = fileobj 80 fh = FileHdr(linktype=linktype) 81 self.__f.write(str(fh))

82

83 - def writepkt(self, pkt, ts=None):

84 if ts is None: 85 ts = time.time() 86 s = str(pkt) 87 n = len(s) 88 pad_len = 4 - n % 4 if n % 4 else 0 89 ph = PktHdr(orig_len=n, incl_len=n, 90 rec_len=PktHdr.__hdr_len__ + n + pad_len, 91 ts_sec=int(ts), 92 ts_usec=int((int(ts) - float(ts)) * 1000000.0)) 93 self.__f.write(str(ph)) 94 self.__f.write(s + '\0' * pad_len)

95

96 - def close(self):

97 self.__f.close()

98 99

100 -class Reader(object):

101 """Simple pypcap-compatible snoop file reader. 102 103 TODO: Longer class information.... 104 105 Attributes: 106 TODO. 107 """ 108

109 - def __init__(self, fileobj):

110 self.name = fileobj.name 111 self.fd = fileobj.fileno() 112 self.__f = fileobj 113 buf = self.__f.read(FileHdr.__hdr_len__) 114 self.__fh = FileHdr(buf) 115 self.__ph = PktHdr 116 if self.__fh.magic != SNOOP_MAGIC: 117 raise ValueError('invalid snoop header') 118 self.dloff = dltoff[self.__fh.linktype] 119 self.filter = ''

120

121 - def fileno(self):

122 return self.fd

123

124 - def datalink(self):

125 return self.__fh.linktype

126

127 - def setfilter(self, value, optimize=1):

128 return NotImplementedError

129

130 - def readpkts(self):

131 return list(self)

132

133 - def dispatch(self, cnt, callback, *args):

134 if cnt > 0: 135 for i in range(cnt): 136 ts, pkt = next(self) 137 callback(ts, pkt, *args) 138 else: 139 for ts, pkt in self: 140 callback(ts, pkt, *args)

141

142 - def loop(self, callback, *args):

143 self.dispatch(0, callback, *args)

144

145 - def __iter__(self):

146 self.__f.seek(FileHdr.__hdr_len__) 147 while 1: 148 buf = self.__f.read(PktHdr.__hdr_len__) 149 if not buf: break 150 hdr = self.__ph(buf) 151 buf = self.__f.read(hdr.rec_len - PktHdr.__hdr_len__) 152 yield (hdr.ts_sec + (hdr.ts_usec / 1000000.0), buf[:hdr.incl_len])

153

Source Code for Module dpkt.snoop