Package dpkt :: Module snoop
[hide private]
[frames] | no frames]

Source Code for Module dpkt.snoop

  1  # $Id$ 
  2  # -*- coding: utf-8 -*- 
  3  """Snoop file format.""" 
  4  from __future__ import absolute_import 
  5   
  6  import time 
  7   
  8  from . import dpkt 
  9   
 10  # RFC 1761 
 11   
 12  SNOOP_MAGIC = 0x736E6F6F70000000 
 13   
 14  SNOOP_VERSION = 2 
 15   
 16  SDL_8023 = 0 
 17  SDL_8024 = 1 
 18  SDL_8025 = 2 
 19  SDL_8026 = 3 
 20  SDL_ETHER = 4 
 21  SDL_HDLC = 5 
 22  SDL_CHSYNC = 6 
 23  SDL_IBMCC = 7 
 24  SDL_FDDI = 8 
 25  SDL_OTHER = 9 
 26   
 27  dltoff = {SDL_ETHER: 14} 
 28   
 29   
30 -class PktHdr(dpkt.Packet):
31 """snoop packet header. 32 33 TODO: Longer class information.... 34 35 Attributes: 36 __hdr__: Header fields of snoop packet header. 37 TODO. 38 """ 39 40 __byte_order__ = '!' 41 __hdr__ = ( 42 ('orig_len', 'I', 0), 43 ('incl_len', 'I', 0), 44 ('rec_len', 'I', 0), 45 ('cum_drops', 'I', 0), 46 ('ts_sec', 'I', 0), 47 ('ts_usec', 'I', 0), 48 )
49 50
51 -class FileHdr(dpkt.Packet):
52 """snoop file header. 53 54 TODO: Longer class information.... 55 56 Attributes: 57 __hdr__: Header fields of snoop file header. 58 TODO. 59 """ 60 61 __byte_order__ = '!' 62 __hdr__ = ( 63 ('magic', 'Q', SNOOP_MAGIC), 64 ('v', 'I', SNOOP_VERSION), 65 ('linktype', 'I', SDL_ETHER), 66 )
67 68
69 -class Writer(object):
70 """Simple snoop dumpfile writer. 71 72 TODO: Longer class information.... 73 74 Attributes: 75 TODO. 76 """ 77
78 - def __init__(self, fileobj, linktype=SDL_ETHER):
79 self.__f = fileobj 80 fh = FileHdr(linktype=linktype) 81 self.__f.write(str(fh))
82
83 - def writepkt(self, pkt, ts=None):
84 if ts is None: 85 ts = time.time() 86 s = str(pkt) 87 n = len(s) 88 pad_len = 4 - n % 4 if n % 4 else 0 89 ph = PktHdr(orig_len=n, incl_len=n, 90 rec_len=PktHdr.__hdr_len__ + n + pad_len, 91 ts_sec=int(ts), 92 ts_usec=int((int(ts) - float(ts)) * 1000000.0)) 93 self.__f.write(str(ph)) 94 self.__f.write(s + '\0' * pad_len)
95
96 - def close(self):
97 self.__f.close()
98 99
100 -class Reader(object):
101 """Simple pypcap-compatible snoop file reader. 102 103 TODO: Longer class information.... 104 105 Attributes: 106 TODO. 107 """ 108
109 - def __init__(self, fileobj):
110 self.name = fileobj.name 111 self.fd = fileobj.fileno() 112 self.__f = fileobj 113 buf = self.__f.read(FileHdr.__hdr_len__) 114 self.__fh = FileHdr(buf) 115 self.__ph = PktHdr 116 if self.__fh.magic != SNOOP_MAGIC: 117 raise ValueError('invalid snoop header') 118 self.dloff = dltoff[self.__fh.linktype] 119 self.filter = ''
120
121 - def fileno(self):
122 return self.fd
123 126
127 - def setfilter(self, value, optimize=1):
128 return NotImplementedError
129
130 - def readpkts(self):
131 return list(self)
132
133 - def dispatch(self, cnt, callback, *args):
134 if cnt > 0: 135 for i in range(cnt): 136 ts, pkt = next(self) 137 callback(ts, pkt, *args) 138 else: 139 for ts, pkt in self: 140 callback(ts, pkt, *args)
141
142 - def loop(self, callback, *args):
143 self.dispatch(0, callback, *args)
144
145 - def __iter__(self):
146 self.__f.seek(FileHdr.__hdr_len__) 147 while 1: 148 buf = self.__f.read(PktHdr.__hdr_len__) 149 if not buf: break 150 hdr = self.__ph(buf) 151 buf = self.__f.read(hdr.rec_len - PktHdr.__hdr_len__) 152 yield (hdr.ts_sec + (hdr.ts_usec / 1000000.0), buf[:hdr.incl_len])
153