pypcapkit 1.3.3.post1__cp313-none-any.whl
- pcapkit/__init__.py +126 -0
- pcapkit/__main__.py +138 -0
- pcapkit/all.py +136 -0
- pcapkit/const/__init__.py +81 -0
- pcapkit/const/arp/__init__.py +25 -0
- pcapkit/const/arp/hardware.py +181 -0
- pcapkit/const/arp/operation.py +131 -0
- pcapkit/const/ftp/__init__.py +25 -0
- pcapkit/const/ftp/command.py +309 -0
- pcapkit/const/ftp/return_code.py +304 -0
- pcapkit/const/hip/__init__.py +94 -0
- pcapkit/const/hip/certificate.py +77 -0
- pcapkit/const/hip/cipher.py +65 -0
- pcapkit/const/hip/di.py +59 -0
- pcapkit/const/hip/ecdsa_curve.py +59 -0
- pcapkit/const/hip/ecdsa_low_curve.py +56 -0
- pcapkit/const/hip/eddsa_curve.py +65 -0
- pcapkit/const/hip/esp_transform_suite.py +98 -0
- pcapkit/const/hip/group.py +86 -0
- pcapkit/const/hip/hi_algorithm.py +86 -0
- pcapkit/const/hip/hit_suite.py +68 -0
- pcapkit/const/hip/nat_traversal.py +62 -0
- pcapkit/const/hip/notify_message.py +200 -0
- pcapkit/const/hip/packet.py +89 -0
- pcapkit/const/hip/parameter.py +377 -0
- pcapkit/const/hip/registration.py +68 -0
- pcapkit/const/hip/registration_failure.py +84 -0
- pcapkit/const/hip/suite.py +71 -0
- pcapkit/const/hip/transport.py +59 -0
- pcapkit/const/http/__init__.py +39 -0
- pcapkit/const/http/error_code.py +95 -0
- pcapkit/const/http/frame.py +95 -0
- pcapkit/const/http/method.py +184 -0
- pcapkit/const/http/setting.py +96 -0
- pcapkit/const/http/status_code.py +294 -0
- pcapkit/const/ipv4/__init__.py +57 -0
- pcapkit/const/ipv4/classification_level.py +64 -0
- pcapkit/const/ipv4/option_class.py +55 -0
- pcapkit/const/ipv4/option_number.py +137 -0
- pcapkit/const/ipv4/protection_authority.py +63 -0
- pcapkit/const/ipv4/qs_function.py +51 -0
- pcapkit/const/ipv4/router_alert.py +251 -0
- pcapkit/const/ipv4/tos_del.py +51 -0
- pcapkit/const/ipv4/tos_ecn.py +55 -0
- pcapkit/const/ipv4/tos_pre.py +63 -0
- pcapkit/const/ipv4/tos_rel.py +51 -0
- pcapkit/const/ipv4/tos_thr.py +51 -0
- pcapkit/const/ipv4/ts_flag.py +53 -0
- pcapkit/const/ipv6/__init__.py +53 -0
- pcapkit/const/ipv6/extension_header.py +66 -0
- pcapkit/const/ipv6/option.py +137 -0
- pcapkit/const/ipv6/option_action.py +55 -0
- pcapkit/const/ipv6/qs_function.py +51 -0
- pcapkit/const/ipv6/router_alert.py +266 -0
- pcapkit/const/ipv6/routing.py +80 -0
- pcapkit/const/ipv6/seed_id.py +55 -0
- pcapkit/const/ipv6/smf_dpd_mode.py +51 -0
- pcapkit/const/ipv6/tagger_id.py +62 -0
- pcapkit/const/ipx/__init__.py +27 -0
- pcapkit/const/ipx/packet.py +72 -0
- pcapkit/const/ipx/socket.py +104 -0
- pcapkit/const/l2tp/__init__.py +21 -0
- pcapkit/const/l2tp/type.py +51 -0
- pcapkit/const/mh/__init__.py +204 -0
- pcapkit/const/mh/access_type.py +92 -0
- pcapkit/const/mh/ack_status_code.py +71 -0
- pcapkit/const/mh/ani_suboption.py +74 -0
- pcapkit/const/mh/auth_subtype.py +53 -0
- pcapkit/const/mh/binding_ack_flag.py +66 -0
- pcapkit/const/mh/binding_error.py +51 -0
- pcapkit/const/mh/binding_revocation.py +59 -0
- pcapkit/const/mh/binding_update_flag.py +81 -0
- pcapkit/const/mh/cga_extension.py +66 -0
- pcapkit/const/mh/cga_sec.py +57 -0
- pcapkit/const/mh/cga_type.py +68 -0
- pcapkit/const/mh/dhcp_support_mode.py +53 -0
- pcapkit/const/mh/dns_status_code.py +65 -0
- pcapkit/const/mh/dsmip6_tls_packet.py +62 -0
- pcapkit/const/mh/dsmipv6_home_address.py +74 -0
- pcapkit/const/mh/enumerating_algorithm.py +56 -0
- pcapkit/const/mh/fb_ack_status.py +62 -0
- pcapkit/const/mh/fb_action.py +71 -0
- pcapkit/const/mh/fb_indication_trigger.py +65 -0
- pcapkit/const/mh/fb_type.py +59 -0
- pcapkit/const/mh/flow_id_status.py +77 -0
- pcapkit/const/mh/flow_id_suboption.py +71 -0
- pcapkit/const/mh/handoff_type.py +71 -0
- pcapkit/const/mh/handover_ack_flag.py +54 -0
- pcapkit/const/mh/handover_ack_status.py +92 -0
- pcapkit/const/mh/handover_initiate_flag.py +57 -0
- pcapkit/const/mh/handover_initiate_status.py +62 -0
- pcapkit/const/mh/home_address_reply.py +71 -0
- pcapkit/const/mh/lla_code.py +63 -0
- pcapkit/const/mh/lma_mag_suboption.py +59 -0
- pcapkit/const/mh/mn_group_id.py +59 -0
- pcapkit/const/mh/mn_id_subtype.py +77 -0
- pcapkit/const/mh/operator_id.py +63 -0
- pcapkit/const/mh/option.py +260 -0
- pcapkit/const/mh/packet.py +119 -0
- pcapkit/const/mh/qos_attribute.py +89 -0
- pcapkit/const/mh/revocation_status_code.py +83 -0
- pcapkit/const/mh/revocation_trigger.py +86 -0
- pcapkit/const/mh/status_code.py +232 -0
- pcapkit/const/mh/traffic_selector.py +62 -0
- pcapkit/const/mh/upa_status.py +71 -0
- pcapkit/const/mh/upn_reason.py +80 -0
- pcapkit/const/ospf/__init__.py +27 -0
- pcapkit/const/ospf/authentication.py +65 -0
- pcapkit/const/ospf/packet.py +71 -0
- pcapkit/const/pcapng/__init__.py +51 -0
- pcapkit/const/pcapng/block_type.py +152 -0
- pcapkit/const/pcapng/filter_type.py +48 -0
- pcapkit/const/pcapng/hash_algorithm.py +59 -0
- pcapkit/const/pcapng/option_type.py +233 -0
- pcapkit/const/pcapng/record_type.py +57 -0
- pcapkit/const/pcapng/secrets_type.py +56 -0
- pcapkit/const/pcapng/verdict_type.py +53 -0
- pcapkit/const/reg/__init__.py +34 -0
- pcapkit/const/reg/apptype.py +32702 -0
- pcapkit/const/reg/ethertype.py +714 -0
- pcapkit/const/reg/linktype.py +902 -0
- pcapkit/const/reg/transtype.py +523 -0
- pcapkit/const/tcp/__init__.py +35 -0
- pcapkit/const/tcp/checksum.py +55 -0
- pcapkit/const/tcp/flags.py +73 -0
- pcapkit/const/tcp/mp_tcp_option.py +80 -0
- pcapkit/const/tcp/option.py +198 -0
- pcapkit/const/vlan/__init__.py +23 -0
- pcapkit/const/vlan/priority_level.py +71 -0
- pcapkit/corekit/__init__.py +59 -0
- pcapkit/corekit/fields/__init__.py +45 -0
- pcapkit/corekit/fields/collections.py +282 -0
- pcapkit/corekit/fields/field.py +269 -0
- pcapkit/corekit/fields/ipaddress.py +274 -0
- pcapkit/corekit/fields/misc.py +722 -0
- pcapkit/corekit/fields/numbers.py +375 -0
- pcapkit/corekit/fields/strings.py +245 -0
- pcapkit/corekit/infoclass.py +394 -0
- pcapkit/corekit/io.py +506 -0
- pcapkit/corekit/module.py +39 -0
- pcapkit/corekit/multidict.py +626 -0
- pcapkit/corekit/protochain.py +263 -0
- pcapkit/corekit/version.py +33 -0
- pcapkit/dumpkit/__init__.py +15 -0
- pcapkit/dumpkit/common.py +199 -0
- pcapkit/dumpkit/null.py +77 -0
- pcapkit/dumpkit/pcap.py +144 -0
- pcapkit/foundation/__init__.py +45 -0
- pcapkit/foundation/engines/__init__.py +36 -0
- pcapkit/foundation/engines/dpkt.py +230 -0
- pcapkit/foundation/engines/engine.py +194 -0
- pcapkit/foundation/engines/pcap.py +188 -0
- pcapkit/foundation/engines/pcapng.py +310 -0
- pcapkit/foundation/engines/pyshark.py +166 -0
- pcapkit/foundation/engines/scapy.py +161 -0
- pcapkit/foundation/extraction.py +915 -0
- pcapkit/foundation/reassembly/__init__.py +49 -0
- pcapkit/foundation/reassembly/data/__init__.py +48 -0
- pcapkit/foundation/reassembly/data/ip.py +117 -0
- pcapkit/foundation/reassembly/data/tcp.py +145 -0
- pcapkit/foundation/reassembly/ip.py +192 -0
- pcapkit/foundation/reassembly/ipv4.py +50 -0
- pcapkit/foundation/reassembly/ipv6.py +50 -0
- pcapkit/foundation/reassembly/reassembly.py +389 -0
- pcapkit/foundation/reassembly/tcp.py +249 -0
- pcapkit/foundation/registry/__init__.py +41 -0
- pcapkit/foundation/registry/foundation.py +327 -0
- pcapkit/foundation/registry/protocols.py +885 -0
- pcapkit/foundation/traceflow/__init__.py +44 -0
- pcapkit/foundation/traceflow/data/__init__.py +30 -0
- pcapkit/foundation/traceflow/data/tcp.py +105 -0
- pcapkit/foundation/traceflow/tcp.py +159 -0
- pcapkit/foundation/traceflow/traceflow.py +390 -0
- pcapkit/interface/__init__.py +22 -0
- pcapkit/interface/core.py +185 -0
- pcapkit/interface/misc.py +120 -0
- pcapkit/protocols/__init__.py +85 -0
- pcapkit/protocols/application/NotImplemented/bgp.py +0 -0
- pcapkit/protocols/application/NotImplemented/dhcp.py +0 -0
- pcapkit/protocols/application/NotImplemented/dhcpv6.py +0 -0
- pcapkit/protocols/application/NotImplemented/dns.py +0 -0
- pcapkit/protocols/application/NotImplemented/imap.py +0 -0
- pcapkit/protocols/application/NotImplemented/ldap.py +0 -0
- pcapkit/protocols/application/NotImplemented/mqtt.py +0 -0
- pcapkit/protocols/application/NotImplemented/nntp.py +0 -0
- pcapkit/protocols/application/NotImplemented/ntp.py +0 -0
- pcapkit/protocols/application/NotImplemented/onc_rpc.py +0 -0
- pcapkit/protocols/application/NotImplemented/pop.py +0 -0
- pcapkit/protocols/application/NotImplemented/rip.py +0 -0
- pcapkit/protocols/application/NotImplemented/rtp.py +0 -0
- pcapkit/protocols/application/NotImplemented/sip.py +0 -0
- pcapkit/protocols/application/NotImplemented/smtp.py +0 -0
- pcapkit/protocols/application/NotImplemented/snmp.py +0 -0
- pcapkit/protocols/application/NotImplemented/ssh.py +0 -0
- pcapkit/protocols/application/NotImplemented/telnet.py +0 -0
- pcapkit/protocols/application/NotImplemented/tls.py +0 -0
- pcapkit/protocols/application/NotImplemented/xmpp.py +0 -0
- pcapkit/protocols/application/__init__.py +34 -0
- pcapkit/protocols/application/application.py +114 -0
- pcapkit/protocols/application/ftp.py +206 -0
- pcapkit/protocols/application/http.py +176 -0
- pcapkit/protocols/application/httpv1.py +320 -0
- pcapkit/protocols/application/httpv2.py +1255 -0
- pcapkit/protocols/data/__init__.py +192 -0
- pcapkit/protocols/data/application/__init__.py +57 -0
- pcapkit/protocols/data/application/ftp.py +59 -0
- pcapkit/protocols/data/application/httpv1.py +79 -0
- pcapkit/protocols/data/application/httpv2.py +293 -0
- pcapkit/protocols/data/data.py +25 -0
- pcapkit/protocols/data/internet/__init__.py +298 -0
- pcapkit/protocols/data/internet/ah.py +31 -0
- pcapkit/protocols/data/internet/hip.py +804 -0
- pcapkit/protocols/data/internet/hopopt.py +351 -0
- pcapkit/protocols/data/internet/ipv4.py +369 -0
- pcapkit/protocols/data/internet/ipv6.py +67 -0
- pcapkit/protocols/data/internet/ipv6_frag.py +29 -0
- pcapkit/protocols/data/internet/ipv6_opts.py +368 -0
- pcapkit/protocols/data/internet/ipv6_route.py +86 -0
- pcapkit/protocols/data/internet/ipx.py +56 -0
- pcapkit/protocols/data/internet/mh.py +509 -0
- pcapkit/protocols/data/link/__init__.py +33 -0
- pcapkit/protocols/data/link/arp.py +74 -0
- pcapkit/protocols/data/link/ethernet.py +28 -0
- pcapkit/protocols/data/link/l2tp.py +63 -0
- pcapkit/protocols/data/link/ospf.py +58 -0
- pcapkit/protocols/data/link/vlan.py +42 -0
- pcapkit/protocols/data/misc/__init__.py +109 -0
- pcapkit/protocols/data/misc/null.py +18 -0
- pcapkit/protocols/data/misc/pcap/__init__.py +18 -0
- pcapkit/protocols/data/misc/pcap/frame.py +56 -0
- pcapkit/protocols/data/misc/pcap/header.py +53 -0
- pcapkit/protocols/data/misc/pcapng.py +925 -0
- pcapkit/protocols/data/misc/raw.py +25 -0
- pcapkit/protocols/data/protocol.py +32 -0
- pcapkit/protocols/data/transport/__init__.py +71 -0
- pcapkit/protocols/data/transport/tcp.py +555 -0
- pcapkit/protocols/data/transport/udp.py +29 -0
- pcapkit/protocols/internet/NotImplemented/ecn.py +0 -0
- pcapkit/protocols/internet/NotImplemented/esp.py +97 -0
- pcapkit/protocols/internet/NotImplemented/icmp.py +0 -0
- pcapkit/protocols/internet/NotImplemented/icmpv6.py +0 -0
- pcapkit/protocols/internet/NotImplemented/igmp.py +0 -0
- pcapkit/protocols/internet/NotImplemented/shim6.py +0 -0
- pcapkit/protocols/internet/__init__.py +43 -0
- pcapkit/protocols/internet/ah.py +275 -0
- pcapkit/protocols/internet/hip.py +4727 -0
- pcapkit/protocols/internet/hopopt.py +1879 -0
- pcapkit/protocols/internet/internet.py +240 -0
- pcapkit/protocols/internet/ip.py +51 -0
- pcapkit/protocols/internet/ipsec.py +50 -0
- pcapkit/protocols/internet/ipv4.py +1782 -0
- pcapkit/protocols/internet/ipv6.py +361 -0
- pcapkit/protocols/internet/ipv6_frag.py +258 -0
- pcapkit/protocols/internet/ipv6_opts.py +1890 -0
- pcapkit/protocols/internet/ipv6_route.py +710 -0
- pcapkit/protocols/internet/ipx.py +230 -0
- pcapkit/protocols/internet/mh.py +2764 -0
- pcapkit/protocols/link/NotImplemented/dsl.py +0 -0
- pcapkit/protocols/link/NotImplemented/eapol.py +1 -0
- pcapkit/protocols/link/NotImplemented/fddi.py +0 -0
- pcapkit/protocols/link/NotImplemented/isdn.py +0 -0
- pcapkit/protocols/link/NotImplemented/ndp.py +0 -0
- pcapkit/protocols/link/NotImplemented/ppp.py +0 -0
- pcapkit/protocols/link/__init__.py +35 -0
- pcapkit/protocols/link/arp.py +421 -0
- pcapkit/protocols/link/ethernet.py +248 -0
- pcapkit/protocols/link/l2tp.py +267 -0
- pcapkit/protocols/link/link.py +140 -0
- pcapkit/protocols/link/ospf.py +342 -0
- pcapkit/protocols/link/rarp.py +82 -0
- pcapkit/protocols/link/vlan.py +225 -0
- pcapkit/protocols/misc/__init__.py +37 -0
- pcapkit/protocols/misc/null.py +129 -0
- pcapkit/protocols/misc/pcap/__init__.py +17 -0
- pcapkit/protocols/misc/pcap/frame.py +478 -0
- pcapkit/protocols/misc/pcap/header.py +358 -0
- pcapkit/protocols/misc/pcapng.py +5520 -0
- pcapkit/protocols/misc/raw.py +180 -0
- pcapkit/protocols/protocol.py +1216 -0
- pcapkit/protocols/schema/__init__.py +140 -0
- pcapkit/protocols/schema/application/__init__.py +40 -0
- pcapkit/protocols/schema/application/ftp.py +21 -0
- pcapkit/protocols/schema/application/httpv1.py +21 -0
- pcapkit/protocols/schema/application/httpv2.py +384 -0
- pcapkit/protocols/schema/internet/__init__.py +294 -0
- pcapkit/protocols/schema/internet/ah.py +40 -0
- pcapkit/protocols/schema/internet/hip.py +1184 -0
- pcapkit/protocols/schema/internet/hopopt.py +679 -0
- pcapkit/protocols/schema/internet/ipv4.py +576 -0
- pcapkit/protocols/schema/internet/ipv6.py +63 -0
- pcapkit/protocols/schema/internet/ipv6_frag.py +48 -0
- pcapkit/protocols/schema/internet/ipv6_opts.py +680 -0
- pcapkit/protocols/schema/internet/ipv6_route.py +198 -0
- pcapkit/protocols/schema/internet/ipx.py +40 -0
- pcapkit/protocols/schema/internet/mh.py +718 -0
- pcapkit/protocols/schema/link/__init__.py +19 -0
- pcapkit/protocols/schema/link/arp.py +39 -0
- pcapkit/protocols/schema/link/ethernet.py +51 -0
- pcapkit/protocols/schema/link/l2tp.py +88 -0
- pcapkit/protocols/schema/link/ospf.py +90 -0
- pcapkit/protocols/schema/link/vlan.py +69 -0
- pcapkit/protocols/schema/misc/__init__.py +108 -0
- pcapkit/protocols/schema/misc/null.py +18 -0
- pcapkit/protocols/schema/misc/pcap/__init__.py +10 -0
- pcapkit/protocols/schema/misc/pcap/frame.py +51 -0
- pcapkit/protocols/schema/misc/pcap/header.py +63 -0
- pcapkit/protocols/schema/misc/pcapng.py +1689 -0
- pcapkit/protocols/schema/misc/raw.py +24 -0
- pcapkit/protocols/schema/schema.py +809 -0
- pcapkit/protocols/schema/transport/__init__.py +69 -0
- pcapkit/protocols/schema/transport/tcp.py +928 -0
- pcapkit/protocols/schema/transport/udp.py +90 -0
- pcapkit/protocols/transport/NotImplemented/dccp.py +0 -0
- pcapkit/protocols/transport/NotImplemented/rsvp.py +0 -0
- pcapkit/protocols/transport/NotImplemented/sctp.py +0 -0
- pcapkit/protocols/transport/__init__.py +27 -0
- pcapkit/protocols/transport/tcp.py +3025 -0
- pcapkit/protocols/transport/transport.py +158 -0
- pcapkit/protocols/transport/udp.py +214 -0
- pcapkit/py.typed +0 -0
- pcapkit/toolkit/__init__.py +57 -0
- pcapkit/toolkit/dpkt.py +306 -0
- pcapkit/toolkit/pcap.py +212 -0
- pcapkit/toolkit/pcapng.py +251 -0
- pcapkit/toolkit/pyshark.py +99 -0
- pcapkit/toolkit/scapy.py +297 -0
- pcapkit/utilities/__init__.py +20 -0
- pcapkit/utilities/compat.py +196 -0
- pcapkit/utilities/decorators.py +192 -0
- pcapkit/utilities/exceptions.py +365 -0
- pcapkit/utilities/logging.py +55 -0
- pcapkit/utilities/warnings.py +185 -0
- pcapkit/vendor/__init__.py +105 -0
- pcapkit/vendor/__main__.py +92 -0
- pcapkit/vendor/arp/__init__.py +27 -0
- pcapkit/vendor/arp/hardware.py +29 -0
- pcapkit/vendor/arp/operation.py +29 -0
- pcapkit/vendor/default.py +474 -0
- pcapkit/vendor/ftp/__init__.py +27 -0
- pcapkit/vendor/ftp/command.py +244 -0
- pcapkit/vendor/ftp/return_code.py +256 -0
- pcapkit/vendor/hip/__init__.py +94 -0
- pcapkit/vendor/hip/certificate.py +29 -0
- pcapkit/vendor/hip/cipher.py +29 -0
- pcapkit/vendor/hip/di.py +29 -0
- pcapkit/vendor/hip/ecdsa_curve.py +29 -0
- pcapkit/vendor/hip/ecdsa_low_curve.py +29 -0
- pcapkit/vendor/hip/eddsa_curve.py +85 -0
- pcapkit/vendor/hip/esp_transform_suite.py +29 -0
- pcapkit/vendor/hip/group.py +87 -0
- pcapkit/vendor/hip/hi_algorithm.py +29 -0
- pcapkit/vendor/hip/hit_suite.py +29 -0
- pcapkit/vendor/hip/nat_traversal.py +29 -0
- pcapkit/vendor/hip/notify_message.py +29 -0
- pcapkit/vendor/hip/packet.py +88 -0
- pcapkit/vendor/hip/parameter.py +88 -0
- pcapkit/vendor/hip/registration.py +29 -0
- pcapkit/vendor/hip/registration_failure.py +29 -0
- pcapkit/vendor/hip/suite.py +29 -0
- pcapkit/vendor/hip/transport.py +29 -0
- pcapkit/vendor/http/__init__.py +39 -0
- pcapkit/vendor/http/error_code.py +95 -0
- pcapkit/vendor/http/frame.py +91 -0
- pcapkit/vendor/http/method.py +167 -0
- pcapkit/vendor/http/setting.py +93 -0
- pcapkit/vendor/http/status_code.py +185 -0
- pcapkit/vendor/ipv4/__init__.py +57 -0
- pcapkit/vendor/ipv4/classification_level.py +91 -0
- pcapkit/vendor/ipv4/option_class.py +80 -0
- pcapkit/vendor/ipv4/option_number.py +105 -0
- pcapkit/vendor/ipv4/protection_authority.py +84 -0
- pcapkit/vendor/ipv4/qs_function.py +78 -0
- pcapkit/vendor/ipv4/router_alert.py +93 -0
- pcapkit/vendor/ipv4/tos_del.py +78 -0
- pcapkit/vendor/ipv4/tos_ecn.py +95 -0
- pcapkit/vendor/ipv4/tos_pre.py +84 -0
- pcapkit/vendor/ipv4/tos_rel.py +78 -0
- pcapkit/vendor/ipv4/tos_thr.py +77 -0
- pcapkit/vendor/ipv4/ts_flag.py +79 -0
- pcapkit/vendor/ipv6/__init__.py +53 -0
- pcapkit/vendor/ipv6/extension_header.py +171 -0
- pcapkit/vendor/ipv6/option.py +104 -0
- pcapkit/vendor/ipv6/option_action.py +90 -0
- pcapkit/vendor/ipv6/qs_function.py +78 -0
- pcapkit/vendor/ipv6/router_alert.py +93 -0
- pcapkit/vendor/ipv6/routing.py +87 -0
- pcapkit/vendor/ipv6/seed_id.py +81 -0
- pcapkit/vendor/ipv6/smf_dpd_mode.py +78 -0
- pcapkit/vendor/ipv6/tagger_id.py +81 -0
- pcapkit/vendor/ipx/__init__.py +37 -0
- pcapkit/vendor/ipx/packet.py +123 -0
- pcapkit/vendor/ipx/socket.py +125 -0
- pcapkit/vendor/l2tp/__init__.py +21 -0
- pcapkit/vendor/l2tp/type.py +78 -0
- pcapkit/vendor/mh/__init__.py +204 -0
- pcapkit/vendor/mh/access_type.py +87 -0
- pcapkit/vendor/mh/ack_status_code.py +88 -0
- pcapkit/vendor/mh/ani_suboption.py +88 -0
- pcapkit/vendor/mh/auth_subtype.py +83 -0
- pcapkit/vendor/mh/binding_ack_flag.py +148 -0
- pcapkit/vendor/mh/binding_error.py +78 -0
- pcapkit/vendor/mh/binding_revocation.py +87 -0
- pcapkit/vendor/mh/binding_update_flag.py +147 -0
- pcapkit/vendor/mh/cga_extension.py +91 -0
- pcapkit/vendor/mh/cga_sec.py +91 -0
- pcapkit/vendor/mh/cga_type.py +74 -0
- pcapkit/vendor/mh/dhcp_support_mode.py +77 -0
- pcapkit/vendor/mh/dns_status_code.py +87 -0
- pcapkit/vendor/mh/dsmip6_tls_packet.py +87 -0
- pcapkit/vendor/mh/dsmipv6_home_address.py +87 -0
- pcapkit/vendor/mh/enumerating_algorithm.py +82 -0
- pcapkit/vendor/mh/fb_ack_status.py +87 -0
- pcapkit/vendor/mh/fb_action.py +88 -0
- pcapkit/vendor/mh/fb_indication_trigger.py +87 -0
- pcapkit/vendor/mh/fb_type.py +88 -0
- pcapkit/vendor/mh/flow_id_status.py +87 -0
- pcapkit/vendor/mh/flow_id_suboption.py +87 -0
- pcapkit/vendor/mh/handoff_type.py +87 -0
- pcapkit/vendor/mh/handover_ack_flag.py +143 -0
- pcapkit/vendor/mh/handover_ack_status.py +87 -0
- pcapkit/vendor/mh/handover_initiate_flag.py +143 -0
- pcapkit/vendor/mh/handover_initiate_status.py +87 -0
- pcapkit/vendor/mh/home_address_reply.py +87 -0
- pcapkit/vendor/mh/lla_code.py +97 -0
- pcapkit/vendor/mh/lma_mag_suboption.py +88 -0
- pcapkit/vendor/mh/mn_group_id.py +87 -0
- pcapkit/vendor/mh/mn_id_subtype.py +87 -0
- pcapkit/vendor/mh/operator_id.py +87 -0
- pcapkit/vendor/mh/option.py +83 -0
- pcapkit/vendor/mh/packet.py +82 -0
- pcapkit/vendor/mh/qos_attribute.py +87 -0
- pcapkit/vendor/mh/revocation_status_code.py +87 -0
- pcapkit/vendor/mh/revocation_trigger.py +87 -0
- pcapkit/vendor/mh/status_code.py +91 -0
- pcapkit/vendor/mh/traffic_selector.py +87 -0
- pcapkit/vendor/mh/upa_status.py +87 -0
- pcapkit/vendor/mh/upn_reason.py +87 -0
- pcapkit/vendor/ospf/__init__.py +27 -0
- pcapkit/vendor/ospf/authentication.py +29 -0
- pcapkit/vendor/ospf/packet.py +29 -0
- pcapkit/vendor/pcapng/__init__.py +51 -0
- pcapkit/vendor/pcapng/block_type.py +94 -0
- pcapkit/vendor/pcapng/filter_type.py +77 -0
- pcapkit/vendor/pcapng/hash_algorithm.py +82 -0
- pcapkit/vendor/pcapng/option_type.py +287 -0
- pcapkit/vendor/pcapng/record_type.py +81 -0
- pcapkit/vendor/pcapng/secrets_type.py +81 -0
- pcapkit/vendor/pcapng/verdict_type.py +79 -0
- pcapkit/vendor/reg/__init__.py +34 -0
- pcapkit/vendor/reg/apptype.py +338 -0
- pcapkit/vendor/reg/ethertype.py +121 -0
- pcapkit/vendor/reg/linktype.py +110 -0
- pcapkit/vendor/reg/transtype.py +111 -0
- pcapkit/vendor/tcp/__init__.py +35 -0
- pcapkit/vendor/tcp/checksum.py +80 -0
- pcapkit/vendor/tcp/flags.py +149 -0
- pcapkit/vendor/tcp/mp_tcp_option.py +90 -0
- pcapkit/vendor/tcp/option.py +103 -0
- pcapkit/vendor/vlan/__init__.py +23 -0
- pcapkit/vendor/vlan/priority_level.py +97 -0
- pypcapkit-1.3.3.post1.dist-info/LICENSE +29 -0
- pypcapkit-1.3.3.post1.dist-info/METADATA +236 -0
- pypcapkit-1.3.3.post1.dist-info/RECORD +466 -0
- pypcapkit-1.3.3.post1.dist-info/WHEEL +5 -0
- pypcapkit-1.3.3.post1.dist-info/entry_points.txt +3 -0
- pypcapkit-1.3.3.post1.dist-info/top_level.txt +1 -0
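--- a/pcapkit/foundation/engines/pcap.py
+++ b/pcapkit/foundation/engines/pcap.py
@@ -0,0 +1,188 @@
+# -*- coding: utf-8 -*-
+"""PCAP Support
+==================
+
+.. module:: pcapkit.foundation.engines.pcap
+
+This module contains the implementation for PCAP file extraction
+support, as is used by :class:`pcapkit.foundation.extraction.Extractor`.
+
+"""
+from typing import TYPE_CHECKING
+
+from pcapkit.foundation.engines.engine import EngineBase as Engine
+from pcapkit.protocols.misc.pcap.frame import Frame
+from pcapkit.protocols.misc.pcap.header import Header
+
+__all__ = ['PCAP']
+
+if TYPE_CHECKING:
+from pcapkit.const.reg.linktype import LinkType as Enum_LinkType
+from pcapkit.corekit.version import VersionInfo
+
+
+class PCAP(Engine[Frame]):
+"""PCAP file extraction support.
+
+Args:
+extractor: :class:`~pcapkit.foundation.extraction.Extractor` instance.
+
+"""
+
+if TYPE_CHECKING:
+#: Global header.
+_gbhdr: 'Header'
+#: Version info.
+_vinfo: 'VersionInfo'
+#: Data link layer protocol.
+_dlink: 'Enum_LinkType'
+#: Nanosecond flag.
+_nnsec: 'bool'
+
+MAGIC_NUMBER = (
+b'\xa1\xb2\x3c\x4d',
+b'\xa1\xb2\xc3\xd4',
+b'\x4d\x3c\xb2\xa1',
+b'\xd4\xc3\xb2\xa1',
+)
+
+##########################################################################
+# Defaults.
+##########################################################################
+
+#: Engine name.
+__engine_name__ = 'PCAP'
+
+#: Engine module name.
+__engine_module__ = 'pcapkit.protocols.misc.pcap'
+
+##########################################################################
+# Properties.
+##########################################################################
+
+@property
+def header(self) -> 'Header':
+"""Global header."""
+return self._gbhdr
+
+@property
+def version(self) -> 'VersionInfo':
+"""Version of input PCAP file."""
+return self._vinfo
+
+@property
+def dlink(self) -> 'Enum_LinkType':
+"""Data link layer protocol."""
+return self._dlink
+
+@property
+def nanosecond(self) -> 'bool':
+"""Nanosecond flag."""
+return self._nnsec
+
+##########################################################################
+# Methods.
+##########################################################################
+
+def run(self) -> 'None':
+"""Start extraction.
+
+This method is the entry point for PCAP file extraction. It will start
+the extraction process by parsing the PCAP global header and then halt
+the extraction process until the
+:meth:`self.extractor.record_frames <pcapkit.foundation.extraction.Extractor.record_frames>`
+method is called.
+
+The method will parse the PCAP global header and save the parsed result
+as :attr:`self.header <header>`. Information such as PCAP version, data
+link layer protocol type, nanosecond flag and byteorder will also be
+save the current :class:`PCAP` engine instance.
+
+For output, the method will dump the parsed PCAP global header under
+the name of ``Global Header``.
+
+"""
+# pylint: disable=attribute-defined-outside-init,protected-access
+ext = self._extractor
+
+self._gbhdr = Header(ext._ifile)
+self._vinfo = self._gbhdr.version
+self._dlink = self._gbhdr.protocol
+self._nnsec = self._gbhdr.nanosecond
+
+if ext._flag_q:
+return
+
+if ext._flag_f:
+ofile = ext._ofile(f'{ext._ofnm}/Global Header.{ext._fext}')
+ofile(self._gbhdr.info.to_dict(), name='Global Header')
+else:
+ext._ofile(self._gbhdr.info.to_dict(), name='Global Header')
+ofile = ext._ofile
+ext._offmt = ofile.kind
+
+def read_frame(self) -> 'Frame':
+"""Read frames.
+
+This method performs following operations:
+
+- extract frames and each layer of packets;
+- make :class:`~pcapkit.corekit.infoclass.Info` object out of frame properties;
+- write to output file with corresponding dumper;
+- reassemble IP and/or TCP datagram;
+- trace TCP flows if any;
+- record frame :class:`~pcapkit.corekit.infoclass.Info` object to frame storage.
+
+Returns:
+Parsed frame instance.
+
+"""
+from pcapkit.toolkit.pcap import (ipv4_reassembly, ipv6_reassembly, tcp_reassembly,
+tcp_traceflow)
+ext = self._extractor
+
+# read frame header
+frame = Frame(ext._ifile, num=ext._frnum+1, header=self._gbhdr.info,
+layer=ext._exlyr, protocol=ext._exptl, nanosecond=self._nnsec)
+ext._frnum += 1
+
+# verbose output
+ext._vfunc(ext, frame)
+
+# write plist
+frnum = f'Frame {ext._frnum}'
+if not ext._flag_q:
+if ext._flag_f:
+ofile = ext._ofile(f'{ext._ofnm}/{frnum}.{ext._fext}')
+ofile(frame.info.to_dict(), name=frnum)
+else:
+ext._ofile(frame.info.to_dict(), name=frnum)
+
+# record fragments
+if ext._flag_r:
+if ext._ipv4:
+data_ipv4 = ipv4_reassembly(frame)
+if data_ipv4 is not None:
+ext._reasm.ipv4(data_ipv4)
+if ext._ipv6:
+data_ipv6 = ipv6_reassembly(frame)
+if data_ipv6 is not None:
+ext._reasm.ipv6(data_ipv6)
+if ext._tcp:
+data_tcp = tcp_reassembly(frame)
+if data_tcp is not None:
+ext._reasm.tcp(data_tcp)
+
+# trace flows
+if ext._flag_t:
+if ext._tcp:
+data_tf_tcp = tcp_traceflow(frame, data_link=self._dlink)
+if data_tf_tcp is not None:
+ext._trace.tcp(data_tf_tcp)
+
+# record frames
+if ext._flag_d:
+ext._frame.append(frame)
+
+# return frame record
+return frame
+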
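Review bot: `read_frame` puts no visible bound on the resources a capture can consume: with `ext._flag_f` set every frame opens a new output file at `f'{ext._ofnm}/{frnum}.{ext._fext}'`, and with `ext._flag_d` set every parsed `Frame` is appended to `ext._frame`. Capture files are frequently untrusted input, so disk, inode and memory use grow linearly with the frame count unless the `Extractor` enforces a limit elsewhere, which this section does not show. I would state that in the `read_frame` docstring, for example `Note: writes one output file per frame in per-file mode and keeps every frame in memory when frame storage is on; bound the frame count for untrusted captures.` Separately, the `run` docstring says "will also be save the current"; `will also be saved in the current` is presumably what is meant. Indentation is lost in this rendering, so the block nesting around `ext._offmt = ofile.kind` could not be checked.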
@@ -0,0 +1,310 @@
|
|
1
|
+
# -*- coding: utf-8 -*-
|
2
|
+
"""PCAP-NG Support
|
3
|
+
=====================
|
4
|
+
|
5
|
+
.. module:: pcapkit.foundation.engines.pcapng
|
6
|
+
|
7
|
+
This module contains the implementation for PCAP-NG file extraction
|
8
|
+
support, as is used by :class:`pcapkit.foundation.extraction.Extractor`.
|
9
|
+
|
10
|
+
"""
|
11
|
+
from logging import warn
|
12
|
+
from typing import TYPE_CHECKING, cast
|
13
|
+
|
14
|
+
from pcapkit.const.pcapng.block_type import BlockType as Enum_BlockType
|
15
|
+
from pcapkit.corekit.infoclass import Info, info_final
|
16
|
+
from pcapkit.foundation.engines.engine import EngineBase as Engine
|
17
|
+
from pcapkit.protocols.misc.pcapng import PCAPNG as P_PCAPNG
|
18
|
+
from pcapkit.utilities.exceptions import FormatError, stacklevel
|
19
|
+
from pcapkit.utilities.warnings import DeprecatedFormatWarning
|
20
|
+
|
21
|
+
__all__ = ['PCAPNG']
|
22
|
+
|
23
|
+
if TYPE_CHECKING:
|
24
|
+
from pcapkit.foundation.extraction import Extractor
|
25
|
+
from pcapkit.protocols.data.misc.pcapng import PCAPNG as Data_PCAPNG
|
26
|
+
from pcapkit.protocols.data.misc.pcapng import CustomBlock as Data_CustomBlock
|
27
|
+
from pcapkit.protocols.data.misc.pcapng import \
|
28
|
+
DecryptionSecretsBlock as Data_DecryptionSecretsBlock
|
29
|
+
from pcapkit.protocols.data.misc.pcapng import EnhancedPacketBlock as Data_EnhancedPacketBlock
|
30
|
+
from pcapkit.protocols.data.misc.pcapng import \
|
31
|
+
InterfaceDescriptionBlock as Data_InterfaceDescriptionBlock
|
32
|
+
from pcapkit.protocols.data.misc.pcapng import \
|
33
|
+
InterfaceStatisticsBlock as Data_InterfaceStatisticsBlock
|
34
|
+
from pcapkit.protocols.data.misc.pcapng import NameResolutionBlock as Data_NameResolutionBlock
|
35
|
+
from pcapkit.protocols.data.misc.pcapng import PacketBlock as Data_PacketBlock
|
36
|
+
from pcapkit.protocols.data.misc.pcapng import SectionHeaderBlock as Data_SectionHeaderBlock
|
37
|
+
from pcapkit.protocols.data.misc.pcapng import \
|
38
|
+
SystemdJournalExportBlock as Data_SystemdJournalExportBlock
|
39
|
+
from pcapkit.protocols.data.misc.pcapng import UnknownBlock as Data_UnknownBlock
|
40
|
+
|
41
|
+
|
42
|
+
@info_final
|
43
|
+
class Context(Info):
|
44
|
+
"""Context manager for PCAP-NG file format."""
|
45
|
+
|
46
|
+
#: Section header.
|
47
|
+
section: 'Data_SectionHeaderBlock'
|
48
|
+
|
49
|
+
def __post_init__(self) -> None:
|
50
|
+
"""Post initialisation hook."""
|
51
|
+
self.__update__(
|
52
|
+
interfaces=[],
|
53
|
+
#packets=[],
|
54
|
+
names=[],
|
55
|
+
journals=[],
|
56
|
+
secrets=[],
|
57
|
+
custom=[],
|
58
|
+
statistics=[],
|
59
|
+
unknown=[],
|
60
|
+
)
|
61
|
+
|
62
|
+
if TYPE_CHECKING:
|
63
|
+
#: Interface descriptions.
|
64
|
+
interfaces: 'list[Data_InterfaceDescriptionBlock]'
|
65
|
+
#: Packets.
|
66
|
+
#packets: 'list[Data_PacketBlock | Data_SimplePacketBlock | Data_EnhancedPacketBlock]'
|
67
|
+
#: Name resolution records.
|
68
|
+
names: 'list[Data_NameResolutionBlock]'
|
69
|
+
#: :manpage:`systemd(1)` journal export records.
|
70
|
+
journals: 'list[Data_SystemdJournalExportBlock]'
|
71
|
+
#: Decryption secrets.
|
72
|
+
secrets: 'list[Data_DecryptionSecretsBlock]'
|
73
|
+
#: Custom blocks.
|
74
|
+
custom: 'list[Data_CustomBlock]'
|
75
|
+
#: Interface statistics.
|
76
|
+
statistics: 'list[Data_InterfaceStatisticsBlock]'
|
77
|
+
#: Unknown blocks.
|
78
|
+
unknown: 'list[Data_UnknownBlock]'
|
79
|
+
|
80
|
+
def __init__(self, section: 'Data_SectionHeaderBlock') -> 'None': ...
|
81
|
+
|
82
|
+
|
83
|
+
class PCAPNG(Engine[P_PCAPNG]):
|
84
|
+
"""PCAP-NG file extraction support.
|
85
|
+
|
86
|
+
Args:
|
87
|
+
extractor: :class:`~pcapkit.foundation.extraction.Extractor` instance.
|
88
|
+
|
89
|
+
"""
|
90
|
+
if TYPE_CHECKING:
|
91
|
+
#: Current context.
|
92
|
+
_ctx: 'Context'
|
93
|
+
#: File context storage.
|
94
|
+
_ctx_list: 'list[Context]'
|
95
|
+
|
96
|
+
MAGIC_NUMBER = (
|
97
|
+
b'\x0a\x0d\x0d\x0a',
|
98
|
+
)
|
99
|
+
|
100
|
+
##########################################################################
|
101
|
+
# Defaults.
|
102
|
+
##########################################################################
|
103
|
+
|
104
|
+
#: Engine name.
|
105
|
+
__engine_name__ = 'PCAP-NG'
|
106
|
+
|
107
|
+
#: Engine module name.
|
108
|
+
__engine_module__ = 'pcapkit.protocols.misc.pcapng'
|
109
|
+
|
110
|
+
##########################################################################
|
111
|
+
# Data models.
|
112
|
+
##########################################################################
|
113
|
+
|
114
|
+
def __init__(self, extractor: 'Extractor') -> 'None':
|
115
|
+
self._ctx = None # type: ignore[assignment]
|
116
|
+
self._ctx_list = []
|
117
|
+
|
118
|
+
super().__init__(extractor)
|
119
|
+
|
120
|
+
##########################################################################
|
121
|
+
# Methods.
|
122
|
+
##########################################################################
|
123
|
+
|
124
|
+
def run(self) -> 'None':
|
125
|
+
"""Start extraction.
|
126
|
+
|
127
|
+
This method is the entry point for PCAP-NG file extraction. It will
|
128
|
+
directly extract the first block, which should be a section header
|
129
|
+
block, and then save the related information into the internal
|
130
|
+
context storage.
|
131
|
+
|
132
|
+
"""
|
133
|
+
ext = self._extractor
|
134
|
+
|
135
|
+
shb = P_PCAPNG(ext._ifile, num=0, sct=1, ctx=None)
|
136
|
+
if shb.info.type != Enum_BlockType.Section_Header_Block:
|
137
|
+
raise FormatError(f'PCAP-NG: [SHB] invalid block type: {shb.info.type!r}')
|
138
|
+
|
139
|
+
self._ctx = Context(cast('Data_SectionHeaderBlock', shb.info))
|
140
|
+
self._ctx_list.append(self._ctx)
|
141
|
+
shb._ctx = self._ctx
|
142
|
+
|
143
|
+
self._write_file(shb.info, name=f'Section Header {len(self._ctx_list)}')
|
144
|
+
|
145
|
+
def read_frame(self) -> 'P_PCAPNG':
|
146
|
+
"""Read frames.
|
147
|
+
|
148
|
+
This method performs following tasks:
|
149
|
+
|
150
|
+
- read the next block from input file;
|
151
|
+
- check if the block is a packet block;
|
152
|
+
- if not, save the block into the internal context storage and repeat;
|
153
|
+
- if yes, save the related information into the internal context storage;
|
154
|
+
- write the parsed block into output file.
|
155
|
+
- reassemble IP and/or TCP fragments;
|
156
|
+
- trace TCP flows if any;
|
157
|
+
- record frame information if any.
|
158
|
+
|
159
|
+
Returns:
|
160
|
+
Parsed PCAP-NG block.
|
161
|
+
|
162
|
+
"""
|
163
|
+
from pcapkit.toolkit.pcapng import (ipv4_reassembly, ipv6_reassembly, tcp_reassembly,
|
164
|
+
tcp_traceflow)
|
165
|
+
ext = self._extractor
|
166
|
+
|
167
|
+
while True:
|
168
|
+
# read next block
|
169
|
+
block = P_PCAPNG(ext._ifile, num=ext._frnum+1, sct=len(self._ctx_list),
|
170
|
+
ctx=self._ctx, layer=ext._exlyr, protocol=ext._exptl,
|
171
|
+
__packet__={
|
172
|
+
'snaplen': self._get_snaplen(),
|
173
|
+
})
|
174
|
+
|
175
|
+
# check block type
|
176
|
+
if block.info.type == Enum_BlockType.Section_Header_Block:
|
177
|
+
self._ctx = Context(cast('Data_SectionHeaderBlock', block.info))
|
178
|
+
self._ctx_list.append(self._ctx)
|
179
|
+
block._ctx = self._ctx
|
180
|
+
|
181
|
+
self._write_file(block.info, name=f'Section Header {len(self._ctx_list)}')
|
182
|
+
|
183
|
+
elif block.info.type == Enum_BlockType.Interface_Description_Block:
|
184
|
+
self._ctx.interfaces.append(cast('Data_InterfaceDescriptionBlock', block.info))
|
185
|
+
self._write_file(block.info, name=f'Interface Description {len(self._ctx.interfaces)}')
|
186
|
+
|
187
|
+
elif block.info.type == Enum_BlockType.Name_Resolution_Block:
|
188
|
+
self._ctx.names.append(cast('Data_NameResolutionBlock', block.info))
|
189
|
+
self._write_file(block.info, name=f'Name Resolution {len(self._ctx.names)}')
|
190
|
+
|
191
|
+
elif block.info.type == Enum_BlockType.systemd_Journal_Export_Block:
|
192
|
+
self._ctx.journals.append(cast('Data_SystemdJournalExportBlock', block.info))
|
193
|
+
self._write_file(block.info, name=f'systemd Journal Export {len(self._ctx.journals)}')
|
194
|
+
|
195
|
+
elif block.info.type == Enum_BlockType.Decryption_Secrets_Block:
|
196
|
+
self._ctx.secrets.append(cast('Data_DecryptionSecretsBlock', block.info))
|
197
|
+
self._write_file(block.info, name=f'Decryption Secrets {len(self._ctx.secrets)}')
|
198
|
+
|
199
|
+
elif block.info.type == Enum_BlockType.Interface_Statistics_Block:
|
200
|
+
isb_info = cast('Data_InterfaceStatisticsBlock', block.info)
|
201
|
+
if isb_info.interface_id >= len(self._ctx.interfaces):
|
202
|
+
raise FormatError(f'PCAP-NG: [ISB] invalid interface ID: {isb_info.interface_id}')
|
203
|
+
self._ctx.statistics.append(isb_info)
|
204
|
+
|
205
|
+
self._write_file(isb_info, name=f'Interface Statistics {len(self._ctx.statistics)}')
|
206
|
+
|
207
|
+
elif block.info.type in (Enum_BlockType.Custom_Block_that_rewriters_can_copy_into_new_files,
|
208
|
+
Enum_BlockType.Custom_Block_that_rewriters_should_not_copy_into_new_files):
|
209
|
+
self._ctx.custom.append(cast('Data_CustomBlock', block.info))
|
210
|
+
self._write_file(block.info, name=f'Custom {len(self._ctx.custom)}')
|
211
|
+
|
212
|
+
elif block.info.type == Enum_BlockType.Enhanced_Packet_Block:
|
213
|
+
epb_info = cast('Data_EnhancedPacketBlock', block.info)
|
214
|
+
if epb_info.interface_id >= len(self._ctx.interfaces):
|
215
|
+
raise FormatError(f'PCAP-NG: [EPB] invalid interface ID: {epb_info.interface_id}')
|
216
|
+
break
|
217
|
+
|
218
|
+
elif block.info.type == Enum_BlockType.Simple_Packet_Block:
|
219
|
+
if len(self._ctx.interfaces) != 1:
|
220
|
+
raise FormatError(f'PCAP-NG: [SPB] invalid section with {len(self._ctx.interfaces)} interfaces')
|
221
|
+
break
|
222
|
+
|
223
|
+
elif block.info.type == Enum_BlockType.Packet_Block:
|
224
|
+
pack_info = cast('Data_PacketBlock', block.info)
|
225
|
+
if pack_info.interface_id >= len(self._ctx.interfaces):
|
226
|
+
raise FormatError(f'PCAP-NG: [Packet] invalid interface ID: {pack_info.interface_id}')
|
227
|
+
|
228
|
+
warn('PCAP-NG: [Packet] deprecated block type', DeprecatedFormatWarning,
|
229
|
+
stacklevel=stacklevel())
|
230
|
+
break
|
231
|
+
|
232
|
+
else:
|
233
|
+
self._ctx.unknown.append(cast('Data_UnknownBlock', block.info))
|
234
|
+
self._write_file(block.info, name=f'Unknown {len(self._ctx.unknown)}')
|
235
|
+
|
236
|
+
# increment frame number
|
237
|
+
ext._frnum += 1
|
238
|
+
|
239
|
+
# verbose output
|
240
|
+
ext._vfunc(ext, block)
|
241
|
+
|
242
|
+
# write plist
|
243
|
+
self._write_file(block.info, name=f'Frame {ext._frnum}')
|
244
|
+
|
245
|
+
# record fragments
|
246
|
+
if ext._flag_r:
|
247
|
+
if ext._ipv4:
|
248
|
+
data_ipv4 = ipv4_reassembly(block)
|
249
|
+
if data_ipv4 is not None:
|
250
|
+
ext._reasm.ipv4(data_ipv4)
|
251
|
+
if ext._ipv6:
|
252
|
+
data_ipv6 = ipv6_reassembly(block)
|
253
|
+
if data_ipv6 is not None:
|
254
|
+
ext._reasm.ipv6(data_ipv6)
|
255
|
+
if ext._tcp:
|
256
|
+
data_tcp = tcp_reassembly(block)
|
257
|
+
if data_tcp is not None:
|
258
|
+
ext._reasm.tcp(data_tcp)
|
259
|
+
|
260
|
+
# trace flows
|
261
|
+
if ext._flag_t:
|
262
|
+
if ext._tcp:
|
263
|
+
data_tf_tcp = tcp_traceflow(block, nanosecond=block.nanosecond)
|
264
|
+
if data_tf_tcp is not None:
|
265
|
+
ext._trace.tcp(data_tf_tcp)
|
266
|
+
|
267
|
+
# record blocks
|
268
|
+
if ext._flag_d:
|
269
|
+
ext._frame.append(block)
|
270
|
+
|
271
|
+
# return block record
|
272
|
+
return block
|
273
|
+
|
274
|
+
##########################################################################
|
275
|
+
# Utilities.
|
276
|
+
##########################################################################
|
277
|
+
|
278
|
+
def _write_file(self, block: 'Data_PCAPNG', *, name: 'str') -> 'None':
|
279
|
+
"""Write the parsed block into output file.
|
280
|
+
|
281
|
+
Args:
|
282
|
+
block: The parsed block.
|
283
|
+
name: The name of the block.
|
284
|
+
|
285
|
+
"""
|
286
|
+
ext = self._extractor
|
287
|
+
if ext._flag_q:
|
288
|
+
return
|
289
|
+
|
290
|
+
if ext._flag_f:
|
291
|
+
ofile = ext._ofile(f'{ext._ofnm}/{name}.{ext._fext}')
|
292
|
+
ofile(block.to_dict(), name=name)
|
293
|
+
else:
|
294
|
+
ext._ofile(block.to_dict(), name=name)
|
295
|
+
ofile = ext._ofile
|
296
|
+
ext._offmt = ofile.kind
|
297
|
+
|
298
|
+
def _get_snaplen(self) -> 'int':
|
299
|
+
"""Get snapshot length from the current context.
|
300
|
+
|
301
|
+
This method is used for providing the snapshot length to the ``__packet__``
|
302
|
+
argument when parsing a Simple Packet Block (SPB).
|
303
|
+
|
304
|
+
Notes:
|
305
|
+
If there is no interface, return ``0xFFFF_FFFF_FFFF_FFFF``.
|
306
|
+
|
307
|
+
"""
|
308
|
+
if self._ctx.interfaces:
|
309
|
+
return self._ctx.interfaces[0].snaplen
|
310
|
+
return 0xFFFF_FFFF_FFFF_FFFF
|
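--- a/pcapkit/foundation/engines/pyshark.py
+++ b/pcapkit/foundation/engines/pyshark.py
@@ -0,0 +1,166 @@
+# -*- coding: utf-8 -*-
+"""PyShark Support
+=====================
+
+.. module:: pcapkit.foundation.engines.pyshark
+
+This module contains the implementation for `PyShark`_ engine
+support, as is used by :class:`pcapkit.foundation.extraction.Extractor`.
+
+.. _PyShark: https://kiminewt.github.io/pyshark
+
+"""
+from typing import TYPE_CHECKING, cast
+
+from pcapkit.foundation.engines.engine import EngineBase as Engine
+from pcapkit.foundation.reassembly import ReassemblyManager
+from pcapkit.utilities.exceptions import stacklevel
+from pcapkit.utilities.warnings import AttributeWarning, warn
+
+__all__ = ['PyShark']
+
+if TYPE_CHECKING:
+from pyshark.capture.file_capture import FileCapture
+from pyshark.packet.packet import Packet as PySharkPacket
+
+from pcapkit.foundation.extraction import Extractor
+
+
+class PyShark(Engine['PySharkPacket']):
+"""PyShark engine support.
+
+Args:
+extractor: :class:`~pcapkit.foundation.extraction.Extractor` instance.
+
+"""
+if TYPE_CHECKING:
+import pyshark
+
+#: Engine extraction package.
+_expkg: 'pyshark'
+#: Engine extraction temporary storage.
+_extmp: 'FileCapture'
+
+##########################################################################
+# Defaults.
+##########################################################################
+
+#: Engine name.
+__engine_name__ = 'PyShark'
+
+#: Engine module name.
+__engine_module__ = 'pyshark'
+
+##########################################################################
+# Data models.
+##########################################################################
+
+def __init__(self, extractor: 'Extractor') -> 'None':
+import pyshark # isort:skip
+
+self._expkg = pyshark
+self._extmp = cast('FileCapture', None)
+
+super().__init__(extractor)
+
+##########################################################################
+# Methods.
+##########################################################################
+
+def run(self) -> 'None':
+"""Call :class:`pyshark.FileCapture` to extract PCAP files.
+
+This method assigns :attr:`self._expkg <PyShark._expkg>`
+as :mod:`pyshark` and :attr:`self._extmp <PyShark._extmp>`
+as an iterator from :class:`pyshark.FileCapture`.
+
+Warns:
+AttributeWarning: Warns under following circumstances:
+
+* if :attr:`self.extractor._exlyr <pcapkit.foundation.extraction.Extractor._exlyr>`
+and/or :attr:`self.extractor._exptl <pcapkit.foundation.extraction.Extractor._exptl>`
+is provided as the PyShark engine currently does not
+support such operations.
+* if reassembly is enabled, as the PyShark engine currently
+does not support such operation.
+
+"""
+ext = self._extractor
+
+if ext._exlyr != 'none' or ext._exptl != 'null':
+warn("'Extractor(engine='pyshark')' does not support protocol and layer threshold; "
+f"'layer={ext._exlyr}' and 'protocol={ext._exptl}' ignored",
+AttributeWarning, stacklevel=stacklevel())
+
+if ext._flag_r and (ext._ipv4 or ext._ipv6 or ext._tcp):
+ext._flag_r = False
+ext._reasm = ReassemblyManager(ipv4=None, ipv6=None, tcp=None)
+warn("'Extractor(engine='pyshark')' object dose not support reassembly; "
+f"so 'ipv4={ext._ipv4}', 'ipv6={ext._ipv6}' and 'tcp={ext._tcp}' will be ignored",
+AttributeWarning, stacklevel=stacklevel())
+
+# setup verbose handler
+if ext._flag_v:
+ext._vfunc = lambda e, f: print(
+f'Frame {e._frnum:>3d}: {f.frame_info.protocols}' # pylint: disable=protected-access
+) # pylint: disable=logging-fstring-interpolation
+
+# extract & analyse file
+self._extmp = self._expkg.FileCapture(ext._ifnm, keep_packets=False)
+
+def read_frame(self) -> 'PySharkPacket':
+"""Read frames with PyShark engine.
+
+Returns:
+Parsed frame instance.
+
+See Also:
+Please refer to :meth:`PCAP.read_frame <pcapkit.foundation.engines.pcap.PCAP.read_frame>`
+for more operational information.
+
+"""
+from pcapkit.toolkit.pyshark import packet2dict, tcp_traceflow
+ext = self._extractor
+
+# fetch PyShark packet
+packet = cast('PySharkPacket', self._extmp.next())
+
+# verbose output
+ext._frnum = int(packet.number)
+ext._vfunc(ext, packet)
+
+# write plist
+frnum = f'Frame {ext._frnum}'
+if not ext._flag_q:
+info = packet2dict(packet)
+if ext._flag_f:
+ofile = ext._ofile(f'{ext._ofnm}/{frnum}.{ext._fext}')
+ofile(info, name=frnum)
+else:
+ext._ofile(info, name=frnum)
+ofile = ext._ofile
+ext._offmt = ofile.kind
+
+# trace flows
+if ext._flag_t:
+if ext._tcp:
+data_tf_tcp = tcp_traceflow(packet)
+if data_tf_tcp is not None:
+ext._trace.tcp(data_tf_tcp)
+
+# record frames
+if ext._flag_d:
+# setattr(packet, 'packet2dict', packet2dict)
+ext._frame.append(packet)
+
+# return frame record
+return packet
+
+def close(self) -> 'None':
+"""Close engine.
+
+This method is to be used for closing the engine instance. It is to
+close the engine instance after the extraction process is finished.
+
+"""
+self._extmp.close()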
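Review bot: `close()` calls `self._extmp.close()` unconditionally, but `__init__` sets `_extmp` to `None` behind a `cast` and only `run()` replaces it with a `FileCapture`, so closing an engine whose `run()` never completed raises `AttributeError` and hides the original failure; guard it with `if self._extmp is not None: self._extmp.close()`. Whether the extractor can reach `close()` before `run()` is not visible in this section, so the path is likely rather than confirmed. Separately, `run()` hands `ext._ifnm` to `FileCapture`, which means the capture is dissected by an external tshark process; a comment on that line such as `# NOTE: the capture is parsed by tshark; untrusted captures exercise its dissectors` would tell users of this engine where the parsing attack surface sits. The second warning string in `run()` also reads "dose not support" where "does not support" is meant.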