pypcapkit 1.3.5.post6__cp313-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- pcapkit/__init__.py +124 -0
- pcapkit/__main__.py +138 -0
- pcapkit/all.py +136 -0
- pcapkit/const/__init__.py +81 -0
- pcapkit/const/arp/__init__.py +25 -0
- pcapkit/const/arp/hardware.py +181 -0
- pcapkit/const/arp/operation.py +131 -0
- pcapkit/const/ftp/__init__.py +25 -0
- pcapkit/const/ftp/command.py +309 -0
- pcapkit/const/ftp/return_code.py +304 -0
- pcapkit/const/hip/__init__.py +94 -0
- pcapkit/const/hip/certificate.py +77 -0
- pcapkit/const/hip/cipher.py +65 -0
- pcapkit/const/hip/di.py +59 -0
- pcapkit/const/hip/ecdsa_curve.py +59 -0
- pcapkit/const/hip/ecdsa_low_curve.py +56 -0
- pcapkit/const/hip/eddsa_curve.py +65 -0
- pcapkit/const/hip/esp_transform_suite.py +98 -0
- pcapkit/const/hip/group.py +86 -0
- pcapkit/const/hip/hi_algorithm.py +86 -0
- pcapkit/const/hip/hit_suite.py +68 -0
- pcapkit/const/hip/nat_traversal.py +62 -0
- pcapkit/const/hip/notify_message.py +200 -0
- pcapkit/const/hip/packet.py +89 -0
- pcapkit/const/hip/parameter.py +377 -0
- pcapkit/const/hip/registration.py +68 -0
- pcapkit/const/hip/registration_failure.py +84 -0
- pcapkit/const/hip/suite.py +71 -0
- pcapkit/const/hip/transport.py +59 -0
- pcapkit/const/http/__init__.py +39 -0
- pcapkit/const/http/error_code.py +95 -0
- pcapkit/const/http/frame.py +95 -0
- pcapkit/const/http/method.py +184 -0
- pcapkit/const/http/setting.py +96 -0
- pcapkit/const/http/status_code.py +298 -0
- pcapkit/const/ipv4/__init__.py +57 -0
- pcapkit/const/ipv4/classification_level.py +64 -0
- pcapkit/const/ipv4/option_class.py +55 -0
- pcapkit/const/ipv4/option_number.py +137 -0
- pcapkit/const/ipv4/protection_authority.py +63 -0
- pcapkit/const/ipv4/qs_function.py +51 -0
- pcapkit/const/ipv4/router_alert.py +251 -0
- pcapkit/const/ipv4/tos_del.py +51 -0
- pcapkit/const/ipv4/tos_ecn.py +55 -0
- pcapkit/const/ipv4/tos_pre.py +63 -0
- pcapkit/const/ipv4/tos_rel.py +51 -0
- pcapkit/const/ipv4/tos_thr.py +51 -0
- pcapkit/const/ipv4/ts_flag.py +53 -0
- pcapkit/const/ipv6/__init__.py +53 -0
- pcapkit/const/ipv6/extension_header.py +69 -0
- pcapkit/const/ipv6/option.py +137 -0
- pcapkit/const/ipv6/option_action.py +55 -0
- pcapkit/const/ipv6/qs_function.py +51 -0
- pcapkit/const/ipv6/router_alert.py +266 -0
- pcapkit/const/ipv6/routing.py +80 -0
- pcapkit/const/ipv6/seed_id.py +55 -0
- pcapkit/const/ipv6/smf_dpd_mode.py +51 -0
- pcapkit/const/ipv6/tagger_id.py +62 -0
- pcapkit/const/ipx/__init__.py +27 -0
- pcapkit/const/ipx/packet.py +72 -0
- pcapkit/const/ipx/socket.py +104 -0
- pcapkit/const/l2tp/__init__.py +21 -0
- pcapkit/const/l2tp/type.py +51 -0
- pcapkit/const/mh/__init__.py +204 -0
- pcapkit/const/mh/access_type.py +92 -0
- pcapkit/const/mh/ack_status_code.py +71 -0
- pcapkit/const/mh/ani_suboption.py +74 -0
- pcapkit/const/mh/auth_subtype.py +53 -0
- pcapkit/const/mh/binding_ack_flag.py +66 -0
- pcapkit/const/mh/binding_error.py +51 -0
- pcapkit/const/mh/binding_revocation.py +59 -0
- pcapkit/const/mh/binding_update_flag.py +81 -0
- pcapkit/const/mh/cga_extension.py +66 -0
- pcapkit/const/mh/cga_sec.py +57 -0
- pcapkit/const/mh/cga_type.py +68 -0
- pcapkit/const/mh/dhcp_support_mode.py +53 -0
- pcapkit/const/mh/dns_status_code.py +65 -0
- pcapkit/const/mh/dsmip6_tls_packet.py +62 -0
- pcapkit/const/mh/dsmipv6_home_address.py +74 -0
- pcapkit/const/mh/enumerating_algorithm.py +56 -0
- pcapkit/const/mh/fb_ack_status.py +62 -0
- pcapkit/const/mh/fb_action.py +71 -0
- pcapkit/const/mh/fb_indication_trigger.py +65 -0
- pcapkit/const/mh/fb_type.py +59 -0
- pcapkit/const/mh/flow_id_status.py +77 -0
- pcapkit/const/mh/flow_id_suboption.py +71 -0
- pcapkit/const/mh/handoff_type.py +71 -0
- pcapkit/const/mh/handover_ack_flag.py +54 -0
- pcapkit/const/mh/handover_ack_status.py +92 -0
- pcapkit/const/mh/handover_initiate_flag.py +57 -0
- pcapkit/const/mh/handover_initiate_status.py +62 -0
- pcapkit/const/mh/home_address_reply.py +71 -0
- pcapkit/const/mh/lla_code.py +63 -0
- pcapkit/const/mh/lma_mag_suboption.py +59 -0
- pcapkit/const/mh/mn_group_id.py +59 -0
- pcapkit/const/mh/mn_id_subtype.py +77 -0
- pcapkit/const/mh/operator_id.py +63 -0
- pcapkit/const/mh/option.py +260 -0
- pcapkit/const/mh/packet.py +119 -0
- pcapkit/const/mh/qos_attribute.py +89 -0
- pcapkit/const/mh/revocation_status_code.py +83 -0
- pcapkit/const/mh/revocation_trigger.py +86 -0
- pcapkit/const/mh/status_code.py +232 -0
- pcapkit/const/mh/traffic_selector.py +62 -0
- pcapkit/const/mh/upa_status.py +71 -0
- pcapkit/const/mh/upn_reason.py +80 -0
- pcapkit/const/ospf/__init__.py +27 -0
- pcapkit/const/ospf/authentication.py +65 -0
- pcapkit/const/ospf/packet.py +71 -0
- pcapkit/const/pcapng/__init__.py +51 -0
- pcapkit/const/pcapng/block_type.py +152 -0
- pcapkit/const/pcapng/filter_type.py +48 -0
- pcapkit/const/pcapng/hash_algorithm.py +59 -0
- pcapkit/const/pcapng/option_type.py +233 -0
- pcapkit/const/pcapng/record_type.py +57 -0
- pcapkit/const/pcapng/secrets_type.py +56 -0
- pcapkit/const/pcapng/verdict_type.py +53 -0
- pcapkit/const/reg/__init__.py +34 -0
- pcapkit/const/reg/apptype.py +32728 -0
- pcapkit/const/reg/ethertype.py +714 -0
- pcapkit/const/reg/linktype.py +890 -0
- pcapkit/const/reg/transtype.py +526 -0
- pcapkit/const/tcp/__init__.py +35 -0
- pcapkit/const/tcp/checksum.py +55 -0
- pcapkit/const/tcp/flags.py +73 -0
- pcapkit/const/tcp/mp_tcp_option.py +80 -0
- pcapkit/const/tcp/option.py +198 -0
- pcapkit/const/vlan/__init__.py +23 -0
- pcapkit/const/vlan/priority_level.py +71 -0
- pcapkit/corekit/__init__.py +59 -0
- pcapkit/corekit/fields/__init__.py +45 -0
- pcapkit/corekit/fields/collections.py +282 -0
- pcapkit/corekit/fields/field.py +269 -0
- pcapkit/corekit/fields/ipaddress.py +274 -0
- pcapkit/corekit/fields/misc.py +722 -0
- pcapkit/corekit/fields/numbers.py +375 -0
- pcapkit/corekit/fields/strings.py +245 -0
- pcapkit/corekit/infoclass.py +394 -0
- pcapkit/corekit/io.py +506 -0
- pcapkit/corekit/module.py +39 -0
- pcapkit/corekit/multidict.py +626 -0
- pcapkit/corekit/protochain.py +263 -0
- pcapkit/corekit/version.py +33 -0
- pcapkit/dumpkit/__init__.py +15 -0
- pcapkit/dumpkit/common.py +199 -0
- pcapkit/dumpkit/null.py +77 -0
- pcapkit/dumpkit/pcap.py +144 -0
- pcapkit/foundation/__init__.py +45 -0
- pcapkit/foundation/engines/__init__.py +36 -0
- pcapkit/foundation/engines/dpkt.py +230 -0
- pcapkit/foundation/engines/engine.py +194 -0
- pcapkit/foundation/engines/pcap.py +188 -0
- pcapkit/foundation/engines/pcapng.py +310 -0
- pcapkit/foundation/engines/pyshark.py +166 -0
- pcapkit/foundation/engines/scapy.py +161 -0
- pcapkit/foundation/extraction.py +915 -0
- pcapkit/foundation/reassembly/__init__.py +49 -0
- pcapkit/foundation/reassembly/data/__init__.py +48 -0
- pcapkit/foundation/reassembly/data/ip.py +117 -0
- pcapkit/foundation/reassembly/data/tcp.py +145 -0
- pcapkit/foundation/reassembly/ip.py +192 -0
- pcapkit/foundation/reassembly/ipv4.py +50 -0
- pcapkit/foundation/reassembly/ipv6.py +50 -0
- pcapkit/foundation/reassembly/reassembly.py +389 -0
- pcapkit/foundation/reassembly/tcp.py +249 -0
- pcapkit/foundation/registry/__init__.py +41 -0
- pcapkit/foundation/registry/foundation.py +327 -0
- pcapkit/foundation/registry/protocols.py +885 -0
- pcapkit/foundation/traceflow/__init__.py +44 -0
- pcapkit/foundation/traceflow/data/__init__.py +30 -0
- pcapkit/foundation/traceflow/data/tcp.py +105 -0
- pcapkit/foundation/traceflow/tcp.py +159 -0
- pcapkit/foundation/traceflow/traceflow.py +390 -0
- pcapkit/interface/__init__.py +22 -0
- pcapkit/interface/core.py +185 -0
- pcapkit/interface/misc.py +120 -0
- pcapkit/protocols/__init__.py +85 -0
- pcapkit/protocols/application/NotImplemented/bgp.py +0 -0
- pcapkit/protocols/application/NotImplemented/dhcp.py +0 -0
- pcapkit/protocols/application/NotImplemented/dhcpv6.py +0 -0
- pcapkit/protocols/application/NotImplemented/dns.py +0 -0
- pcapkit/protocols/application/NotImplemented/imap.py +0 -0
- pcapkit/protocols/application/NotImplemented/ldap.py +0 -0
- pcapkit/protocols/application/NotImplemented/mqtt.py +0 -0
- pcapkit/protocols/application/NotImplemented/nntp.py +0 -0
- pcapkit/protocols/application/NotImplemented/ntp.py +0 -0
- pcapkit/protocols/application/NotImplemented/onc_rpc.py +0 -0
- pcapkit/protocols/application/NotImplemented/pop.py +0 -0
- pcapkit/protocols/application/NotImplemented/rip.py +0 -0
- pcapkit/protocols/application/NotImplemented/rtp.py +0 -0
- pcapkit/protocols/application/NotImplemented/sip.py +0 -0
- pcapkit/protocols/application/NotImplemented/smtp.py +0 -0
- pcapkit/protocols/application/NotImplemented/snmp.py +0 -0
- pcapkit/protocols/application/NotImplemented/ssh.py +0 -0
- pcapkit/protocols/application/NotImplemented/telnet.py +0 -0
- pcapkit/protocols/application/NotImplemented/tls.py +0 -0
- pcapkit/protocols/application/NotImplemented/xmpp.py +0 -0
- pcapkit/protocols/application/__init__.py +34 -0
- pcapkit/protocols/application/application.py +114 -0
- pcapkit/protocols/application/ftp.py +206 -0
- pcapkit/protocols/application/http.py +176 -0
- pcapkit/protocols/application/httpv1.py +320 -0
- pcapkit/protocols/application/httpv2.py +1255 -0
- pcapkit/protocols/data/__init__.py +192 -0
- pcapkit/protocols/data/application/__init__.py +57 -0
- pcapkit/protocols/data/application/ftp.py +59 -0
- pcapkit/protocols/data/application/httpv1.py +79 -0
- pcapkit/protocols/data/application/httpv2.py +293 -0
- pcapkit/protocols/data/data.py +25 -0
- pcapkit/protocols/data/internet/__init__.py +298 -0
- pcapkit/protocols/data/internet/ah.py +31 -0
- pcapkit/protocols/data/internet/hip.py +804 -0
- pcapkit/protocols/data/internet/hopopt.py +351 -0
- pcapkit/protocols/data/internet/ipv4.py +369 -0
- pcapkit/protocols/data/internet/ipv6.py +67 -0
- pcapkit/protocols/data/internet/ipv6_frag.py +29 -0
- pcapkit/protocols/data/internet/ipv6_opts.py +368 -0
- pcapkit/protocols/data/internet/ipv6_route.py +86 -0
- pcapkit/protocols/data/internet/ipx.py +56 -0
- pcapkit/protocols/data/internet/mh.py +509 -0
- pcapkit/protocols/data/link/__init__.py +33 -0
- pcapkit/protocols/data/link/arp.py +74 -0
- pcapkit/protocols/data/link/ethernet.py +28 -0
- pcapkit/protocols/data/link/l2tp.py +63 -0
- pcapkit/protocols/data/link/ospf.py +58 -0
- pcapkit/protocols/data/link/vlan.py +42 -0
- pcapkit/protocols/data/misc/__init__.py +109 -0
- pcapkit/protocols/data/misc/null.py +18 -0
- pcapkit/protocols/data/misc/pcap/__init__.py +18 -0
- pcapkit/protocols/data/misc/pcap/frame.py +56 -0
- pcapkit/protocols/data/misc/pcap/header.py +53 -0
- pcapkit/protocols/data/misc/pcapng.py +925 -0
- pcapkit/protocols/data/misc/raw.py +25 -0
- pcapkit/protocols/data/protocol.py +32 -0
- pcapkit/protocols/data/transport/__init__.py +71 -0
- pcapkit/protocols/data/transport/tcp.py +555 -0
- pcapkit/protocols/data/transport/udp.py +29 -0
- pcapkit/protocols/internet/NotImplemented/ecn.py +0 -0
- pcapkit/protocols/internet/NotImplemented/esp.py +97 -0
- pcapkit/protocols/internet/NotImplemented/icmp.py +0 -0
- pcapkit/protocols/internet/NotImplemented/icmpv6.py +0 -0
- pcapkit/protocols/internet/NotImplemented/igmp.py +0 -0
- pcapkit/protocols/internet/NotImplemented/shim6.py +0 -0
- pcapkit/protocols/internet/__init__.py +43 -0
- pcapkit/protocols/internet/ah.py +275 -0
- pcapkit/protocols/internet/hip.py +4727 -0
- pcapkit/protocols/internet/hopopt.py +1879 -0
- pcapkit/protocols/internet/internet.py +249 -0
- pcapkit/protocols/internet/ip.py +51 -0
- pcapkit/protocols/internet/ipsec.py +50 -0
- pcapkit/protocols/internet/ipv4.py +1782 -0
- pcapkit/protocols/internet/ipv6.py +412 -0
- pcapkit/protocols/internet/ipv6_frag.py +258 -0
- pcapkit/protocols/internet/ipv6_opts.py +1890 -0
- pcapkit/protocols/internet/ipv6_route.py +708 -0
- pcapkit/protocols/internet/ipx.py +230 -0
- pcapkit/protocols/internet/mh.py +2764 -0
- pcapkit/protocols/link/NotImplemented/dsl.py +0 -0
- pcapkit/protocols/link/NotImplemented/eapol.py +1 -0
- pcapkit/protocols/link/NotImplemented/fddi.py +0 -0
- pcapkit/protocols/link/NotImplemented/isdn.py +0 -0
- pcapkit/protocols/link/NotImplemented/ndp.py +0 -0
- pcapkit/protocols/link/NotImplemented/ppp.py +0 -0
- pcapkit/protocols/link/__init__.py +35 -0
- pcapkit/protocols/link/arp.py +421 -0
- pcapkit/protocols/link/ethernet.py +248 -0
- pcapkit/protocols/link/l2tp.py +267 -0
- pcapkit/protocols/link/link.py +140 -0
- pcapkit/protocols/link/ospf.py +342 -0
- pcapkit/protocols/link/rarp.py +82 -0
- pcapkit/protocols/link/vlan.py +225 -0
- pcapkit/protocols/misc/__init__.py +37 -0
- pcapkit/protocols/misc/null.py +129 -0
- pcapkit/protocols/misc/pcap/__init__.py +17 -0
- pcapkit/protocols/misc/pcap/frame.py +478 -0
- pcapkit/protocols/misc/pcap/header.py +358 -0
- pcapkit/protocols/misc/pcapng.py +5520 -0
- pcapkit/protocols/misc/raw.py +180 -0
- pcapkit/protocols/protocol.py +1216 -0
- pcapkit/protocols/schema/__init__.py +140 -0
- pcapkit/protocols/schema/application/__init__.py +40 -0
- pcapkit/protocols/schema/application/ftp.py +21 -0
- pcapkit/protocols/schema/application/httpv1.py +21 -0
- pcapkit/protocols/schema/application/httpv2.py +384 -0
- pcapkit/protocols/schema/internet/__init__.py +294 -0
- pcapkit/protocols/schema/internet/ah.py +40 -0
- pcapkit/protocols/schema/internet/hip.py +1184 -0
- pcapkit/protocols/schema/internet/hopopt.py +679 -0
- pcapkit/protocols/schema/internet/ipv4.py +576 -0
- pcapkit/protocols/schema/internet/ipv6.py +63 -0
- pcapkit/protocols/schema/internet/ipv6_frag.py +48 -0
- pcapkit/protocols/schema/internet/ipv6_opts.py +680 -0
- pcapkit/protocols/schema/internet/ipv6_route.py +197 -0
- pcapkit/protocols/schema/internet/ipx.py +40 -0
- pcapkit/protocols/schema/internet/mh.py +718 -0
- pcapkit/protocols/schema/link/__init__.py +19 -0
- pcapkit/protocols/schema/link/arp.py +39 -0
- pcapkit/protocols/schema/link/ethernet.py +51 -0
- pcapkit/protocols/schema/link/l2tp.py +88 -0
- pcapkit/protocols/schema/link/ospf.py +90 -0
- pcapkit/protocols/schema/link/vlan.py +69 -0
- pcapkit/protocols/schema/misc/__init__.py +108 -0
- pcapkit/protocols/schema/misc/null.py +18 -0
- pcapkit/protocols/schema/misc/pcap/__init__.py +10 -0
- pcapkit/protocols/schema/misc/pcap/frame.py +51 -0
- pcapkit/protocols/schema/misc/pcap/header.py +63 -0
- pcapkit/protocols/schema/misc/pcapng.py +1689 -0
- pcapkit/protocols/schema/misc/raw.py +24 -0
- pcapkit/protocols/schema/schema.py +809 -0
- pcapkit/protocols/schema/transport/__init__.py +69 -0
- pcapkit/protocols/schema/transport/tcp.py +928 -0
- pcapkit/protocols/schema/transport/udp.py +90 -0
- pcapkit/protocols/transport/NotImplemented/dccp.py +0 -0
- pcapkit/protocols/transport/NotImplemented/rsvp.py +0 -0
- pcapkit/protocols/transport/NotImplemented/sctp.py +0 -0
- pcapkit/protocols/transport/__init__.py +27 -0
- pcapkit/protocols/transport/tcp.py +3025 -0
- pcapkit/protocols/transport/transport.py +158 -0
- pcapkit/protocols/transport/udp.py +214 -0
- pcapkit/py.typed +0 -0
- pcapkit/toolkit/__init__.py +57 -0
- pcapkit/toolkit/dpkt.py +306 -0
- pcapkit/toolkit/pcap.py +212 -0
- pcapkit/toolkit/pcapng.py +251 -0
- pcapkit/toolkit/pyshark.py +99 -0
- pcapkit/toolkit/scapy.py +297 -0
- pcapkit/utilities/__init__.py +20 -0
- pcapkit/utilities/compat.py +196 -0
- pcapkit/utilities/decorators.py +197 -0
- pcapkit/utilities/exceptions.py +365 -0
- pcapkit/utilities/logging.py +55 -0
- pcapkit/utilities/warnings.py +185 -0
- pcapkit/vendor/__init__.py +105 -0
- pcapkit/vendor/__main__.py +92 -0
- pcapkit/vendor/arp/__init__.py +27 -0
- pcapkit/vendor/arp/hardware.py +29 -0
- pcapkit/vendor/arp/operation.py +29 -0
- pcapkit/vendor/default.py +474 -0
- pcapkit/vendor/ftp/__init__.py +27 -0
- pcapkit/vendor/ftp/command.py +244 -0
- pcapkit/vendor/ftp/return_code.py +256 -0
- pcapkit/vendor/hip/__init__.py +94 -0
- pcapkit/vendor/hip/certificate.py +29 -0
- pcapkit/vendor/hip/cipher.py +29 -0
- pcapkit/vendor/hip/di.py +29 -0
- pcapkit/vendor/hip/ecdsa_curve.py +29 -0
- pcapkit/vendor/hip/ecdsa_low_curve.py +29 -0
- pcapkit/vendor/hip/eddsa_curve.py +85 -0
- pcapkit/vendor/hip/esp_transform_suite.py +29 -0
- pcapkit/vendor/hip/group.py +87 -0
- pcapkit/vendor/hip/hi_algorithm.py +29 -0
- pcapkit/vendor/hip/hit_suite.py +29 -0
- pcapkit/vendor/hip/nat_traversal.py +29 -0
- pcapkit/vendor/hip/notify_message.py +29 -0
- pcapkit/vendor/hip/packet.py +88 -0
- pcapkit/vendor/hip/parameter.py +88 -0
- pcapkit/vendor/hip/registration.py +29 -0
- pcapkit/vendor/hip/registration_failure.py +29 -0
- pcapkit/vendor/hip/suite.py +29 -0
- pcapkit/vendor/hip/transport.py +29 -0
- pcapkit/vendor/http/__init__.py +39 -0
- pcapkit/vendor/http/error_code.py +95 -0
- pcapkit/vendor/http/frame.py +91 -0
- pcapkit/vendor/http/method.py +167 -0
- pcapkit/vendor/http/setting.py +93 -0
- pcapkit/vendor/http/status_code.py +185 -0
- pcapkit/vendor/ipv4/__init__.py +57 -0
- pcapkit/vendor/ipv4/classification_level.py +91 -0
- pcapkit/vendor/ipv4/option_class.py +80 -0
- pcapkit/vendor/ipv4/option_number.py +105 -0
- pcapkit/vendor/ipv4/protection_authority.py +84 -0
- pcapkit/vendor/ipv4/qs_function.py +78 -0
- pcapkit/vendor/ipv4/router_alert.py +93 -0
- pcapkit/vendor/ipv4/tos_del.py +78 -0
- pcapkit/vendor/ipv4/tos_ecn.py +95 -0
- pcapkit/vendor/ipv4/tos_pre.py +84 -0
- pcapkit/vendor/ipv4/tos_rel.py +78 -0
- pcapkit/vendor/ipv4/tos_thr.py +77 -0
- pcapkit/vendor/ipv4/ts_flag.py +79 -0
- pcapkit/vendor/ipv6/__init__.py +53 -0
- pcapkit/vendor/ipv6/extension_header.py +171 -0
- pcapkit/vendor/ipv6/option.py +104 -0
- pcapkit/vendor/ipv6/option_action.py +90 -0
- pcapkit/vendor/ipv6/qs_function.py +78 -0
- pcapkit/vendor/ipv6/router_alert.py +93 -0
- pcapkit/vendor/ipv6/routing.py +87 -0
- pcapkit/vendor/ipv6/seed_id.py +81 -0
- pcapkit/vendor/ipv6/smf_dpd_mode.py +78 -0
- pcapkit/vendor/ipv6/tagger_id.py +81 -0
- pcapkit/vendor/ipx/__init__.py +37 -0
- pcapkit/vendor/ipx/packet.py +123 -0
- pcapkit/vendor/ipx/socket.py +125 -0
- pcapkit/vendor/l2tp/__init__.py +21 -0
- pcapkit/vendor/l2tp/type.py +78 -0
- pcapkit/vendor/mh/__init__.py +204 -0
- pcapkit/vendor/mh/access_type.py +87 -0
- pcapkit/vendor/mh/ack_status_code.py +88 -0
- pcapkit/vendor/mh/ani_suboption.py +88 -0
- pcapkit/vendor/mh/auth_subtype.py +83 -0
- pcapkit/vendor/mh/binding_ack_flag.py +148 -0
- pcapkit/vendor/mh/binding_error.py +78 -0
- pcapkit/vendor/mh/binding_revocation.py +87 -0
- pcapkit/vendor/mh/binding_update_flag.py +147 -0
- pcapkit/vendor/mh/cga_extension.py +91 -0
- pcapkit/vendor/mh/cga_sec.py +91 -0
- pcapkit/vendor/mh/cga_type.py +74 -0
- pcapkit/vendor/mh/dhcp_support_mode.py +77 -0
- pcapkit/vendor/mh/dns_status_code.py +87 -0
- pcapkit/vendor/mh/dsmip6_tls_packet.py +87 -0
- pcapkit/vendor/mh/dsmipv6_home_address.py +87 -0
- pcapkit/vendor/mh/enumerating_algorithm.py +82 -0
- pcapkit/vendor/mh/fb_ack_status.py +87 -0
- pcapkit/vendor/mh/fb_action.py +88 -0
- pcapkit/vendor/mh/fb_indication_trigger.py +87 -0
- pcapkit/vendor/mh/fb_type.py +88 -0
- pcapkit/vendor/mh/flow_id_status.py +87 -0
- pcapkit/vendor/mh/flow_id_suboption.py +87 -0
- pcapkit/vendor/mh/handoff_type.py +87 -0
- pcapkit/vendor/mh/handover_ack_flag.py +143 -0
- pcapkit/vendor/mh/handover_ack_status.py +87 -0
- pcapkit/vendor/mh/handover_initiate_flag.py +143 -0
- pcapkit/vendor/mh/handover_initiate_status.py +87 -0
- pcapkit/vendor/mh/home_address_reply.py +87 -0
- pcapkit/vendor/mh/lla_code.py +97 -0
- pcapkit/vendor/mh/lma_mag_suboption.py +88 -0
- pcapkit/vendor/mh/mn_group_id.py +87 -0
- pcapkit/vendor/mh/mn_id_subtype.py +87 -0
- pcapkit/vendor/mh/operator_id.py +87 -0
- pcapkit/vendor/mh/option.py +83 -0
- pcapkit/vendor/mh/packet.py +82 -0
- pcapkit/vendor/mh/qos_attribute.py +87 -0
- pcapkit/vendor/mh/revocation_status_code.py +87 -0
- pcapkit/vendor/mh/revocation_trigger.py +87 -0
- pcapkit/vendor/mh/status_code.py +91 -0
- pcapkit/vendor/mh/traffic_selector.py +87 -0
- pcapkit/vendor/mh/upa_status.py +87 -0
- pcapkit/vendor/mh/upn_reason.py +87 -0
- pcapkit/vendor/ospf/__init__.py +27 -0
- pcapkit/vendor/ospf/authentication.py +29 -0
- pcapkit/vendor/ospf/packet.py +29 -0
- pcapkit/vendor/pcapng/__init__.py +51 -0
- pcapkit/vendor/pcapng/block_type.py +94 -0
- pcapkit/vendor/pcapng/filter_type.py +77 -0
- pcapkit/vendor/pcapng/hash_algorithm.py +82 -0
- pcapkit/vendor/pcapng/option_type.py +287 -0
- pcapkit/vendor/pcapng/record_type.py +81 -0
- pcapkit/vendor/pcapng/secrets_type.py +81 -0
- pcapkit/vendor/pcapng/verdict_type.py +79 -0
- pcapkit/vendor/reg/__init__.py +34 -0
- pcapkit/vendor/reg/apptype.py +338 -0
- pcapkit/vendor/reg/ethertype.py +121 -0
- pcapkit/vendor/reg/linktype.py +110 -0
- pcapkit/vendor/reg/transtype.py +111 -0
- pcapkit/vendor/tcp/__init__.py +35 -0
- pcapkit/vendor/tcp/checksum.py +80 -0
- pcapkit/vendor/tcp/flags.py +149 -0
- pcapkit/vendor/tcp/mp_tcp_option.py +90 -0
- pcapkit/vendor/tcp/option.py +103 -0
- pcapkit/vendor/vlan/__init__.py +23 -0
- pcapkit/vendor/vlan/priority_level.py +97 -0
- pypcapkit-1.3.5.post6.dist-info/LICENSE +29 -0
- pypcapkit-1.3.5.post6.dist-info/METADATA +238 -0
- pypcapkit-1.3.5.post6.dist-info/RECORD +466 -0
- pypcapkit-1.3.5.post6.dist-info/WHEEL +5 -0
- pypcapkit-1.3.5.post6.dist-info/entry_points.txt +3 -0
- pypcapkit-1.3.5.post6.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
# -*- coding: utf-8 -*-
|
|
2
|
+
"""PCAP Support
|
|
3
|
+
==================
|
|
4
|
+
|
|
5
|
+
.. module:: pcapkit.foundation.engines.pcap
|
|
6
|
+
|
|
7
|
+
This module contains the implementation for PCAP file extraction
|
|
8
|
+
support, as is used by :class:`pcapkit.foundation.extraction.Extractor`.
|
|
9
|
+
|
|
10
|
+
"""
|
|
11
|
+
from typing import TYPE_CHECKING
|
|
12
|
+
|
|
13
|
+
from pcapkit.foundation.engines.engine import EngineBase as Engine
|
|
14
|
+
from pcapkit.protocols.misc.pcap.frame import Frame
|
|
15
|
+
from pcapkit.protocols.misc.pcap.header import Header
|
|
16
|
+
|
|
17
|
+
__all__ = ['PCAP']
|
|
18
|
+
|
|
19
|
+
if TYPE_CHECKING:
|
|
20
|
+
from pcapkit.const.reg.linktype import LinkType as Enum_LinkType
|
|
21
|
+
from pcapkit.corekit.version import VersionInfo
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
class PCAP(Engine[Frame]):
|
|
25
|
+
"""PCAP file extraction support.
|
|
26
|
+
|
|
27
|
+
Args:
|
|
28
|
+
extractor: :class:`~pcapkit.foundation.extraction.Extractor` instance.
|
|
29
|
+
|
|
30
|
+
"""
|
|
31
|
+
|
|
32
|
+
if TYPE_CHECKING:
|
|
33
|
+
#: Global header.
|
|
34
|
+
_gbhdr: 'Header'
|
|
35
|
+
#: Version info.
|
|
36
|
+
_vinfo: 'VersionInfo'
|
|
37
|
+
#: Data link layer protocol.
|
|
38
|
+
_dlink: 'Enum_LinkType'
|
|
39
|
+
#: Nanosecond flag.
|
|
40
|
+
_nnsec: 'bool'
|
|
41
|
+
|
|
42
|
+
MAGIC_NUMBER = (
|
|
43
|
+
b'\xa1\xb2\x3c\x4d',
|
|
44
|
+
b'\xa1\xb2\xc3\xd4',
|
|
45
|
+
b'\x4d\x3c\xb2\xa1',
|
|
46
|
+
b'\xd4\xc3\xb2\xa1',
|
|
47
|
+
)
|
|
48
|
+
|
|
49
|
+
##########################################################################
|
|
50
|
+
# Defaults.
|
|
51
|
+
##########################################################################
|
|
52
|
+
|
|
53
|
+
#: Engine name.
|
|
54
|
+
__engine_name__ = 'PCAP'
|
|
55
|
+
|
|
56
|
+
#: Engine module name.
|
|
57
|
+
__engine_module__ = 'pcapkit.protocols.misc.pcap'
|
|
58
|
+
|
|
59
|
+
##########################################################################
|
|
60
|
+
# Properties.
|
|
61
|
+
##########################################################################
|
|
62
|
+
|
|
63
|
+
@property
|
|
64
|
+
def header(self) -> 'Header':
|
|
65
|
+
"""Global header."""
|
|
66
|
+
return self._gbhdr
|
|
67
|
+
|
|
68
|
+
@property
|
|
69
|
+
def version(self) -> 'VersionInfo':
|
|
70
|
+
"""Version of input PCAP file."""
|
|
71
|
+
return self._vinfo
|
|
72
|
+
|
|
73
|
+
@property
|
|
74
|
+
def dlink(self) -> 'Enum_LinkType':
|
|
75
|
+
"""Data link layer protocol."""
|
|
76
|
+
return self._dlink
|
|
77
|
+
|
|
78
|
+
@property
|
|
79
|
+
def nanosecond(self) -> 'bool':
|
|
80
|
+
"""Nanosecond flag."""
|
|
81
|
+
return self._nnsec
|
|
82
|
+
|
|
83
|
+
##########################################################################
|
|
84
|
+
# Methods.
|
|
85
|
+
##########################################################################
|
|
86
|
+
|
|
87
|
+
def run(self) -> 'None':
|
|
88
|
+
"""Start extraction.
|
|
89
|
+
|
|
90
|
+
This method is the entry point for PCAP file extraction. It will start
|
|
91
|
+
the extraction process by parsing the PCAP global header and then halt
|
|
92
|
+
the extraction process until the
|
|
93
|
+
:meth:`self.extractor.record_frames <pcapkit.foundation.extraction.Extractor.record_frames>`
|
|
94
|
+
method is called.
|
|
95
|
+
|
|
96
|
+
The method will parse the PCAP global header and save the parsed result
|
|
97
|
+
as :attr:`self.header <header>`. Information such as PCAP version, data
|
|
98
|
+
link layer protocol type, nanosecond flag and byteorder will also be
|
|
99
|
+
save the current :class:`PCAP` engine instance.
|
|
100
|
+
|
|
101
|
+
For output, the method will dump the parsed PCAP global header under
|
|
102
|
+
the name of ``Global Header``.
|
|
103
|
+
|
|
104
|
+
"""
|
|
105
|
+
# pylint: disable=attribute-defined-outside-init,protected-access
|
|
106
|
+
ext = self._extractor
|
|
107
|
+
|
|
108
|
+
self._gbhdr = Header(ext._ifile)
|
|
109
|
+
self._vinfo = self._gbhdr.version
|
|
110
|
+
self._dlink = self._gbhdr.protocol
|
|
111
|
+
self._nnsec = self._gbhdr.nanosecond
|
|
112
|
+
|
|
113
|
+
if ext._flag_q:
|
|
114
|
+
return
|
|
115
|
+
|
|
116
|
+
if ext._flag_f:
|
|
117
|
+
ofile = ext._ofile(f'{ext._ofnm}/Global Header.{ext._fext}')
|
|
118
|
+
ofile(self._gbhdr.info.to_dict(), name='Global Header')
|
|
119
|
+
else:
|
|
120
|
+
ext._ofile(self._gbhdr.info.to_dict(), name='Global Header')
|
|
121
|
+
ofile = ext._ofile
|
|
122
|
+
ext._offmt = ofile.kind
|
|
123
|
+
|
|
124
|
+
def read_frame(self) -> 'Frame':
|
|
125
|
+
"""Read frames.
|
|
126
|
+
|
|
127
|
+
This method performs following operations:
|
|
128
|
+
|
|
129
|
+
- extract frames and each layer of packets;
|
|
130
|
+
- make :class:`~pcapkit.corekit.infoclass.Info` object out of frame properties;
|
|
131
|
+
- write to output file with corresponding dumper;
|
|
132
|
+
- reassemble IP and/or TCP datagram;
|
|
133
|
+
- trace TCP flows if any;
|
|
134
|
+
- record frame :class:`~pcapkit.corekit.infoclass.Info` object to frame storage.
|
|
135
|
+
|
|
136
|
+
Returns:
|
|
137
|
+
Parsed frame instance.
|
|
138
|
+
|
|
139
|
+
"""
|
|
140
|
+
from pcapkit.toolkit.pcap import (ipv4_reassembly, ipv6_reassembly, tcp_reassembly,
|
|
141
|
+
tcp_traceflow)
|
|
142
|
+
ext = self._extractor
|
|
143
|
+
|
|
144
|
+
# read frame header
|
|
145
|
+
frame = Frame(ext._ifile, num=ext._frnum+1, header=self._gbhdr.info,
|
|
146
|
+
layer=ext._exlyr, protocol=ext._exptl, nanosecond=self._nnsec)
|
|
147
|
+
ext._frnum += 1
|
|
148
|
+
|
|
149
|
+
# verbose output
|
|
150
|
+
ext._vfunc(ext, frame)
|
|
151
|
+
|
|
152
|
+
# write plist
|
|
153
|
+
frnum = f'Frame {ext._frnum}'
|
|
154
|
+
if not ext._flag_q:
|
|
155
|
+
if ext._flag_f:
|
|
156
|
+
ofile = ext._ofile(f'{ext._ofnm}/{frnum}.{ext._fext}')
|
|
157
|
+
ofile(frame.info.to_dict(), name=frnum)
|
|
158
|
+
else:
|
|
159
|
+
ext._ofile(frame.info.to_dict(), name=frnum)
|
|
160
|
+
|
|
161
|
+
# record fragments
|
|
162
|
+
if ext._flag_r:
|
|
163
|
+
if ext._ipv4:
|
|
164
|
+
data_ipv4 = ipv4_reassembly(frame)
|
|
165
|
+
if data_ipv4 is not None:
|
|
166
|
+
ext._reasm.ipv4(data_ipv4)
|
|
167
|
+
if ext._ipv6:
|
|
168
|
+
data_ipv6 = ipv6_reassembly(frame)
|
|
169
|
+
if data_ipv6 is not None:
|
|
170
|
+
ext._reasm.ipv6(data_ipv6)
|
|
171
|
+
if ext._tcp:
|
|
172
|
+
data_tcp = tcp_reassembly(frame)
|
|
173
|
+
if data_tcp is not None:
|
|
174
|
+
ext._reasm.tcp(data_tcp)
|
|
175
|
+
|
|
176
|
+
# trace flows
|
|
177
|
+
if ext._flag_t:
|
|
178
|
+
if ext._tcp:
|
|
179
|
+
data_tf_tcp = tcp_traceflow(frame, data_link=self._dlink)
|
|
180
|
+
if data_tf_tcp is not None:
|
|
181
|
+
ext._trace.tcp(data_tf_tcp)
|
|
182
|
+
|
|
183
|
+
# record frames
|
|
184
|
+
if ext._flag_d:
|
|
185
|
+
ext._frame.append(frame)
|
|
186
|
+
|
|
187
|
+
# return frame record
|
|
188
|
+
return frame
|
|
@@ -0,0 +1,310 @@
|
|
|
1
|
+
# -*- coding: utf-8 -*-
|
|
2
|
+
"""PCAP-NG Support
|
|
3
|
+
=====================
|
|
4
|
+
|
|
5
|
+
.. module:: pcapkit.foundation.engines.pcapng
|
|
6
|
+
|
|
7
|
+
This module contains the implementation for PCAP-NG file extraction
|
|
8
|
+
support, as is used by :class:`pcapkit.foundation.extraction.Extractor`.
|
|
9
|
+
|
|
10
|
+
"""
|
|
11
|
+
from logging import warn
|
|
12
|
+
from typing import TYPE_CHECKING, cast
|
|
13
|
+
|
|
14
|
+
from pcapkit.const.pcapng.block_type import BlockType as Enum_BlockType
|
|
15
|
+
from pcapkit.corekit.infoclass import Info, info_final
|
|
16
|
+
from pcapkit.foundation.engines.engine import EngineBase as Engine
|
|
17
|
+
from pcapkit.protocols.misc.pcapng import PCAPNG as P_PCAPNG
|
|
18
|
+
from pcapkit.utilities.exceptions import FormatError, stacklevel
|
|
19
|
+
from pcapkit.utilities.warnings import DeprecatedFormatWarning
|
|
20
|
+
|
|
21
|
+
__all__ = ['PCAPNG']
|
|
22
|
+
|
|
23
|
+
if TYPE_CHECKING:
|
|
24
|
+
from pcapkit.foundation.extraction import Extractor
|
|
25
|
+
from pcapkit.protocols.data.misc.pcapng import PCAPNG as Data_PCAPNG
|
|
26
|
+
from pcapkit.protocols.data.misc.pcapng import CustomBlock as Data_CustomBlock
|
|
27
|
+
from pcapkit.protocols.data.misc.pcapng import \
|
|
28
|
+
DecryptionSecretsBlock as Data_DecryptionSecretsBlock
|
|
29
|
+
from pcapkit.protocols.data.misc.pcapng import EnhancedPacketBlock as Data_EnhancedPacketBlock
|
|
30
|
+
from pcapkit.protocols.data.misc.pcapng import \
|
|
31
|
+
InterfaceDescriptionBlock as Data_InterfaceDescriptionBlock
|
|
32
|
+
from pcapkit.protocols.data.misc.pcapng import \
|
|
33
|
+
InterfaceStatisticsBlock as Data_InterfaceStatisticsBlock
|
|
34
|
+
from pcapkit.protocols.data.misc.pcapng import NameResolutionBlock as Data_NameResolutionBlock
|
|
35
|
+
from pcapkit.protocols.data.misc.pcapng import PacketBlock as Data_PacketBlock
|
|
36
|
+
from pcapkit.protocols.data.misc.pcapng import SectionHeaderBlock as Data_SectionHeaderBlock
|
|
37
|
+
from pcapkit.protocols.data.misc.pcapng import \
|
|
38
|
+
SystemdJournalExportBlock as Data_SystemdJournalExportBlock
|
|
39
|
+
from pcapkit.protocols.data.misc.pcapng import UnknownBlock as Data_UnknownBlock
|
|
40
|
+
|
|
41
|
+
|
|
42
|
+
@info_final
|
|
43
|
+
class Context(Info):
|
|
44
|
+
"""Context manager for PCAP-NG file format."""
|
|
45
|
+
|
|
46
|
+
#: Section header.
|
|
47
|
+
section: 'Data_SectionHeaderBlock'
|
|
48
|
+
|
|
49
|
+
def __post_init__(self) -> None:
|
|
50
|
+
"""Post initialisation hook."""
|
|
51
|
+
self.__update__(
|
|
52
|
+
interfaces=[],
|
|
53
|
+
#packets=[],
|
|
54
|
+
names=[],
|
|
55
|
+
journals=[],
|
|
56
|
+
secrets=[],
|
|
57
|
+
custom=[],
|
|
58
|
+
statistics=[],
|
|
59
|
+
unknown=[],
|
|
60
|
+
)
|
|
61
|
+
|
|
62
|
+
if TYPE_CHECKING:
|
|
63
|
+
#: Interface descriptions.
|
|
64
|
+
interfaces: 'list[Data_InterfaceDescriptionBlock]'
|
|
65
|
+
#: Packets.
|
|
66
|
+
#packets: 'list[Data_PacketBlock | Data_SimplePacketBlock | Data_EnhancedPacketBlock]'
|
|
67
|
+
#: Name resolution records.
|
|
68
|
+
names: 'list[Data_NameResolutionBlock]'
|
|
69
|
+
#: :manpage:`systemd(1)` journal export records.
|
|
70
|
+
journals: 'list[Data_SystemdJournalExportBlock]'
|
|
71
|
+
#: Decryption secrets.
|
|
72
|
+
secrets: 'list[Data_DecryptionSecretsBlock]'
|
|
73
|
+
#: Custom blocks.
|
|
74
|
+
custom: 'list[Data_CustomBlock]'
|
|
75
|
+
#: Interface statistics.
|
|
76
|
+
statistics: 'list[Data_InterfaceStatisticsBlock]'
|
|
77
|
+
#: Unknown blocks.
|
|
78
|
+
unknown: 'list[Data_UnknownBlock]'
|
|
79
|
+
|
|
80
|
+
def __init__(self, section: 'Data_SectionHeaderBlock') -> 'None': ...
|
|
81
|
+
|
|
82
|
+
|
|
83
|
+
class PCAPNG(Engine[P_PCAPNG]):
|
|
84
|
+
"""PCAP-NG file extraction support.
|
|
85
|
+
|
|
86
|
+
Args:
|
|
87
|
+
extractor: :class:`~pcapkit.foundation.extraction.Extractor` instance.
|
|
88
|
+
|
|
89
|
+
"""
|
|
90
|
+
if TYPE_CHECKING:
|
|
91
|
+
#: Current context.
|
|
92
|
+
_ctx: 'Context'
|
|
93
|
+
#: File context storage.
|
|
94
|
+
_ctx_list: 'list[Context]'
|
|
95
|
+
|
|
96
|
+
MAGIC_NUMBER = (
|
|
97
|
+
b'\x0a\x0d\x0d\x0a',
|
|
98
|
+
)
|
|
99
|
+
|
|
100
|
+
##########################################################################
|
|
101
|
+
# Defaults.
|
|
102
|
+
##########################################################################
|
|
103
|
+
|
|
104
|
+
#: Engine name.
|
|
105
|
+
__engine_name__ = 'PCAP-NG'
|
|
106
|
+
|
|
107
|
+
#: Engine module name.
|
|
108
|
+
__engine_module__ = 'pcapkit.protocols.misc.pcapng'
|
|
109
|
+
|
|
110
|
+
##########################################################################
|
|
111
|
+
# Data models.
|
|
112
|
+
##########################################################################
|
|
113
|
+
|
|
114
|
+
def __init__(self, extractor: 'Extractor') -> 'None':
|
|
115
|
+
self._ctx = None # type: ignore[assignment]
|
|
116
|
+
self._ctx_list = []
|
|
117
|
+
|
|
118
|
+
super().__init__(extractor)
|
|
119
|
+
|
|
120
|
+
##########################################################################
|
|
121
|
+
# Methods.
|
|
122
|
+
##########################################################################
|
|
123
|
+
|
|
124
|
+
def run(self) -> 'None':
|
|
125
|
+
"""Start extraction.
|
|
126
|
+
|
|
127
|
+
This method is the entry point for PCAP-NG file extraction. It will
|
|
128
|
+
directly extract the first block, which should be a section header
|
|
129
|
+
block, and then save the related information into the internal
|
|
130
|
+
context storage.
|
|
131
|
+
|
|
132
|
+
"""
|
|
133
|
+
ext = self._extractor
|
|
134
|
+
|
|
135
|
+
shb = P_PCAPNG(ext._ifile, num=0, sct=1, ctx=None)
|
|
136
|
+
if shb.info.type != Enum_BlockType.Section_Header_Block:
|
|
137
|
+
raise FormatError(f'PCAP-NG: [SHB] invalid block type: {shb.info.type!r}')
|
|
138
|
+
|
|
139
|
+
self._ctx = Context(cast('Data_SectionHeaderBlock', shb.info))
|
|
140
|
+
self._ctx_list.append(self._ctx)
|
|
141
|
+
shb._ctx = self._ctx
|
|
142
|
+
|
|
143
|
+
self._write_file(shb.info, name=f'Section Header {len(self._ctx_list)}')
|
|
144
|
+
|
|
145
|
+
def read_frame(self) -> 'P_PCAPNG':
|
|
146
|
+
"""Read frames.
|
|
147
|
+
|
|
148
|
+
This method performs following tasks:
|
|
149
|
+
|
|
150
|
+
- read the next block from input file;
|
|
151
|
+
- check if the block is a packet block;
|
|
152
|
+
- if not, save the block into the internal context storage and repeat;
|
|
153
|
+
- if yes, save the related information into the internal context storage;
|
|
154
|
+
- write the parsed block into output file.
|
|
155
|
+
- reassemble IP and/or TCP fragments;
|
|
156
|
+
- trace TCP flows if any;
|
|
157
|
+
- record frame information if any.
|
|
158
|
+
|
|
159
|
+
Returns:
|
|
160
|
+
Parsed PCAP-NG block.
|
|
161
|
+
|
|
162
|
+
"""
|
|
163
|
+
from pcapkit.toolkit.pcapng import (ipv4_reassembly, ipv6_reassembly, tcp_reassembly,
|
|
164
|
+
tcp_traceflow)
|
|
165
|
+
ext = self._extractor
|
|
166
|
+
|
|
167
|
+
while True:
|
|
168
|
+
# read next block
|
|
169
|
+
block = P_PCAPNG(ext._ifile, num=ext._frnum+1, sct=len(self._ctx_list),
|
|
170
|
+
ctx=self._ctx, layer=ext._exlyr, protocol=ext._exptl,
|
|
171
|
+
__packet__={
|
|
172
|
+
'snaplen': self._get_snaplen(),
|
|
173
|
+
})
|
|
174
|
+
|
|
175
|
+
# check block type
|
|
176
|
+
if block.info.type == Enum_BlockType.Section_Header_Block:
|
|
177
|
+
self._ctx = Context(cast('Data_SectionHeaderBlock', block.info))
|
|
178
|
+
self._ctx_list.append(self._ctx)
|
|
179
|
+
block._ctx = self._ctx
|
|
180
|
+
|
|
181
|
+
self._write_file(block.info, name=f'Section Header {len(self._ctx_list)}')
|
|
182
|
+
|
|
183
|
+
elif block.info.type == Enum_BlockType.Interface_Description_Block:
|
|
184
|
+
self._ctx.interfaces.append(cast('Data_InterfaceDescriptionBlock', block.info))
|
|
185
|
+
self._write_file(block.info, name=f'Interface Description {len(self._ctx.interfaces)}')
|
|
186
|
+
|
|
187
|
+
elif block.info.type == Enum_BlockType.Name_Resolution_Block:
|
|
188
|
+
self._ctx.names.append(cast('Data_NameResolutionBlock', block.info))
|
|
189
|
+
self._write_file(block.info, name=f'Name Resolution {len(self._ctx.names)}')
|
|
190
|
+
|
|
191
|
+
elif block.info.type == Enum_BlockType.systemd_Journal_Export_Block:
|
|
192
|
+
self._ctx.journals.append(cast('Data_SystemdJournalExportBlock', block.info))
|
|
193
|
+
self._write_file(block.info, name=f'systemd Journal Export {len(self._ctx.journals)}')
|
|
194
|
+
|
|
195
|
+
elif block.info.type == Enum_BlockType.Decryption_Secrets_Block:
|
|
196
|
+
self._ctx.secrets.append(cast('Data_DecryptionSecretsBlock', block.info))
|
|
197
|
+
self._write_file(block.info, name=f'Decryption Secrets {len(self._ctx.secrets)}')
|
|
198
|
+
|
|
199
|
+
elif block.info.type == Enum_BlockType.Interface_Statistics_Block:
|
|
200
|
+
isb_info = cast('Data_InterfaceStatisticsBlock', block.info)
|
|
201
|
+
if isb_info.interface_id >= len(self._ctx.interfaces):
|
|
202
|
+
raise FormatError(f'PCAP-NG: [ISB] invalid interface ID: {isb_info.interface_id}')
|
|
203
|
+
self._ctx.statistics.append(isb_info)
|
|
204
|
+
|
|
205
|
+
self._write_file(isb_info, name=f'Interface Statistics {len(self._ctx.statistics)}')
|
|
206
|
+
|
|
207
|
+
elif block.info.type in (Enum_BlockType.Custom_Block_that_rewriters_can_copy_into_new_files,
|
|
208
|
+
Enum_BlockType.Custom_Block_that_rewriters_should_not_copy_into_new_files):
|
|
209
|
+
self._ctx.custom.append(cast('Data_CustomBlock', block.info))
|
|
210
|
+
self._write_file(block.info, name=f'Custom {len(self._ctx.custom)}')
|
|
211
|
+
|
|
212
|
+
elif block.info.type == Enum_BlockType.Enhanced_Packet_Block:
|
|
213
|
+
epb_info = cast('Data_EnhancedPacketBlock', block.info)
|
|
214
|
+
if epb_info.interface_id >= len(self._ctx.interfaces):
|
|
215
|
+
raise FormatError(f'PCAP-NG: [EPB] invalid interface ID: {epb_info.interface_id}')
|
|
216
|
+
break
|
|
217
|
+
|
|
218
|
+
elif block.info.type == Enum_BlockType.Simple_Packet_Block:
|
|
219
|
+
if len(self._ctx.interfaces) != 1:
|
|
220
|
+
raise FormatError(f'PCAP-NG: [SPB] invalid section with {len(self._ctx.interfaces)} interfaces')
|
|
221
|
+
break
|
|
222
|
+
|
|
223
|
+
elif block.info.type == Enum_BlockType.Packet_Block:
|
|
224
|
+
pack_info = cast('Data_PacketBlock', block.info)
|
|
225
|
+
if pack_info.interface_id >= len(self._ctx.interfaces):
|
|
226
|
+
raise FormatError(f'PCAP-NG: [Packet] invalid interface ID: {pack_info.interface_id}')
|
|
227
|
+
|
|
228
|
+
warn('PCAP-NG: [Packet] deprecated block type', DeprecatedFormatWarning,
|
|
229
|
+
stacklevel=stacklevel())
|
|
230
|
+
break
|
|
231
|
+
|
|
232
|
+
else:
|
|
233
|
+
self._ctx.unknown.append(cast('Data_UnknownBlock', block.info))
|
|
234
|
+
self._write_file(block.info, name=f'Unknown {len(self._ctx.unknown)}')
|
|
235
|
+
|
|
236
|
+
# increment frame number
|
|
237
|
+
ext._frnum += 1
|
|
238
|
+
|
|
239
|
+
# verbose output
|
|
240
|
+
ext._vfunc(ext, block)
|
|
241
|
+
|
|
242
|
+
# write plist
|
|
243
|
+
self._write_file(block.info, name=f'Frame {ext._frnum}')
|
|
244
|
+
|
|
245
|
+
# record fragments
|
|
246
|
+
if ext._flag_r:
|
|
247
|
+
if ext._ipv4:
|
|
248
|
+
data_ipv4 = ipv4_reassembly(block)
|
|
249
|
+
if data_ipv4 is not None:
|
|
250
|
+
ext._reasm.ipv4(data_ipv4)
|
|
251
|
+
if ext._ipv6:
|
|
252
|
+
data_ipv6 = ipv6_reassembly(block)
|
|
253
|
+
if data_ipv6 is not None:
|
|
254
|
+
ext._reasm.ipv6(data_ipv6)
|
|
255
|
+
if ext._tcp:
|
|
256
|
+
data_tcp = tcp_reassembly(block)
|
|
257
|
+
if data_tcp is not None:
|
|
258
|
+
ext._reasm.tcp(data_tcp)
|
|
259
|
+
|
|
260
|
+
# trace flows
|
|
261
|
+
if ext._flag_t:
|
|
262
|
+
if ext._tcp:
|
|
263
|
+
data_tf_tcp = tcp_traceflow(block, nanosecond=block.nanosecond)
|
|
264
|
+
if data_tf_tcp is not None:
|
|
265
|
+
ext._trace.tcp(data_tf_tcp)
|
|
266
|
+
|
|
267
|
+
# record blocks
|
|
268
|
+
if ext._flag_d:
|
|
269
|
+
ext._frame.append(block)
|
|
270
|
+
|
|
271
|
+
# return block record
|
|
272
|
+
return block
|
|
273
|
+
|
|
274
|
+
##########################################################################
|
|
275
|
+
# Utilities.
|
|
276
|
+
##########################################################################
|
|
277
|
+
|
|
278
|
+
def _write_file(self, block: 'Data_PCAPNG', *, name: 'str') -> 'None':
|
|
279
|
+
"""Write the parsed block into output file.
|
|
280
|
+
|
|
281
|
+
Args:
|
|
282
|
+
block: The parsed block.
|
|
283
|
+
name: The name of the block.
|
|
284
|
+
|
|
285
|
+
"""
|
|
286
|
+
ext = self._extractor
|
|
287
|
+
if ext._flag_q:
|
|
288
|
+
return
|
|
289
|
+
|
|
290
|
+
if ext._flag_f:
|
|
291
|
+
ofile = ext._ofile(f'{ext._ofnm}/{name}.{ext._fext}')
|
|
292
|
+
ofile(block.to_dict(), name=name)
|
|
293
|
+
else:
|
|
294
|
+
ext._ofile(block.to_dict(), name=name)
|
|
295
|
+
ofile = ext._ofile
|
|
296
|
+
ext._offmt = ofile.kind
|
|
297
|
+
|
|
298
|
+
def _get_snaplen(self) -> 'int':
|
|
299
|
+
"""Get snapshot length from the current context.
|
|
300
|
+
|
|
301
|
+
This method is used for providing the snapshot length to the ``__packet__``
|
|
302
|
+
argument when parsing a Simple Packet Block (SPB).
|
|
303
|
+
|
|
304
|
+
Notes:
|
|
305
|
+
If there is no interface, return ``0xFFFF_FFFF_FFFF_FFFF``.
|
|
306
|
+
|
|
307
|
+
"""
|
|
308
|
+
if self._ctx.interfaces:
|
|
309
|
+
return self._ctx.interfaces[0].snaplen
|
|
310
|
+
return 0xFFFF_FFFF_FFFF_FFFF
|
|
@@ -0,0 +1,166 @@
|
|
|
1
|
+
# -*- coding: utf-8 -*-
|
|
2
|
+
"""PyShark Support
|
|
3
|
+
=====================
|
|
4
|
+
|
|
5
|
+
.. module:: pcapkit.foundation.engines.pyshark
|
|
6
|
+
|
|
7
|
+
This module contains the implementation for `PyShark`_ engine
|
|
8
|
+
support, as is used by :class:`pcapkit.foundation.extraction.Extractor`.
|
|
9
|
+
|
|
10
|
+
.. _PyShark: https://kiminewt.github.io/pyshark
|
|
11
|
+
|
|
12
|
+
"""
|
|
13
|
+
from typing import TYPE_CHECKING, cast
|
|
14
|
+
|
|
15
|
+
from pcapkit.foundation.engines.engine import EngineBase as Engine
|
|
16
|
+
from pcapkit.foundation.reassembly import ReassemblyManager
|
|
17
|
+
from pcapkit.utilities.exceptions import stacklevel
|
|
18
|
+
from pcapkit.utilities.warnings import AttributeWarning, warn
|
|
19
|
+
|
|
20
|
+
__all__ = ['PyShark']
|
|
21
|
+
|
|
22
|
+
if TYPE_CHECKING:
|
|
23
|
+
from pyshark.capture.file_capture import FileCapture
|
|
24
|
+
from pyshark.packet.packet import Packet as PySharkPacket
|
|
25
|
+
|
|
26
|
+
from pcapkit.foundation.extraction import Extractor
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
class PyShark(Engine['PySharkPacket']):
|
|
30
|
+
"""PyShark engine support.
|
|
31
|
+
|
|
32
|
+
Args:
|
|
33
|
+
extractor: :class:`~pcapkit.foundation.extraction.Extractor` instance.
|
|
34
|
+
|
|
35
|
+
"""
|
|
36
|
+
if TYPE_CHECKING:
|
|
37
|
+
import pyshark
|
|
38
|
+
|
|
39
|
+
#: Engine extraction package.
|
|
40
|
+
_expkg: 'pyshark'
|
|
41
|
+
#: Engine extraction temporary storage.
|
|
42
|
+
_extmp: 'FileCapture'
|
|
43
|
+
|
|
44
|
+
##########################################################################
|
|
45
|
+
# Defaults.
|
|
46
|
+
##########################################################################
|
|
47
|
+
|
|
48
|
+
#: Engine name.
|
|
49
|
+
__engine_name__ = 'PyShark'
|
|
50
|
+
|
|
51
|
+
#: Engine module name.
|
|
52
|
+
__engine_module__ = 'pyshark'
|
|
53
|
+
|
|
54
|
+
##########################################################################
|
|
55
|
+
# Data models.
|
|
56
|
+
##########################################################################
|
|
57
|
+
|
|
58
|
+
def __init__(self, extractor: 'Extractor') -> 'None':
|
|
59
|
+
import pyshark # isort:skip
|
|
60
|
+
|
|
61
|
+
self._expkg = pyshark
|
|
62
|
+
self._extmp = cast('FileCapture', None)
|
|
63
|
+
|
|
64
|
+
super().__init__(extractor)
|
|
65
|
+
|
|
66
|
+
##########################################################################
|
|
67
|
+
# Methods.
|
|
68
|
+
##########################################################################
|
|
69
|
+
|
|
70
|
+
def run(self) -> 'None':
|
|
71
|
+
"""Call :class:`pyshark.FileCapture` to extract PCAP files.
|
|
72
|
+
|
|
73
|
+
This method assigns :attr:`self._expkg <PyShark._expkg>`
|
|
74
|
+
as :mod:`pyshark` and :attr:`self._extmp <PyShark._extmp>`
|
|
75
|
+
as an iterator from :class:`pyshark.FileCapture`.
|
|
76
|
+
|
|
77
|
+
Warns:
|
|
78
|
+
AttributeWarning: Warns under following circumstances:
|
|
79
|
+
|
|
80
|
+
* if :attr:`self.extractor._exlyr <pcapkit.foundation.extraction.Extractor._exlyr>`
|
|
81
|
+
and/or :attr:`self.extractor._exptl <pcapkit.foundation.extraction.Extractor._exptl>`
|
|
82
|
+
is provided as the PyShark engine currently does not
|
|
83
|
+
support such operations.
|
|
84
|
+
* if reassembly is enabled, as the PyShark engine currently
|
|
85
|
+
does not support such operation.
|
|
86
|
+
|
|
87
|
+
"""
|
|
88
|
+
ext = self._extractor
|
|
89
|
+
|
|
90
|
+
if ext._exlyr != 'none' or ext._exptl != 'null':
|
|
91
|
+
warn("'Extractor(engine='pyshark')' does not support protocol and layer threshold; "
|
|
92
|
+
f"'layer={ext._exlyr}' and 'protocol={ext._exptl}' ignored",
|
|
93
|
+
AttributeWarning, stacklevel=stacklevel())
|
|
94
|
+
|
|
95
|
+
if ext._flag_r and (ext._ipv4 or ext._ipv6 or ext._tcp):
|
|
96
|
+
ext._flag_r = False
|
|
97
|
+
ext._reasm = ReassemblyManager(ipv4=None, ipv6=None, tcp=None)
|
|
98
|
+
warn("'Extractor(engine='pyshark')' object dose not support reassembly; "
|
|
99
|
+
f"so 'ipv4={ext._ipv4}', 'ipv6={ext._ipv6}' and 'tcp={ext._tcp}' will be ignored",
|
|
100
|
+
AttributeWarning, stacklevel=stacklevel())
|
|
101
|
+
|
|
102
|
+
# setup verbose handler
|
|
103
|
+
if ext._flag_v:
|
|
104
|
+
ext._vfunc = lambda e, f: print(
|
|
105
|
+
f'Frame {e._frnum:>3d}: {f.frame_info.protocols}' # pylint: disable=protected-access
|
|
106
|
+
) # pylint: disable=logging-fstring-interpolation
|
|
107
|
+
|
|
108
|
+
# extract & analyse file
|
|
109
|
+
self._extmp = self._expkg.FileCapture(ext._ifnm, keep_packets=False)
|
|
110
|
+
|
|
111
|
+
def read_frame(self) -> 'PySharkPacket':
|
|
112
|
+
"""Read frames with PyShark engine.
|
|
113
|
+
|
|
114
|
+
Returns:
|
|
115
|
+
Parsed frame instance.
|
|
116
|
+
|
|
117
|
+
See Also:
|
|
118
|
+
Please refer to :meth:`PCAP.read_frame <pcapkit.foundation.engines.pcap.PCAP.read_frame>`
|
|
119
|
+
for more operational information.
|
|
120
|
+
|
|
121
|
+
"""
|
|
122
|
+
from pcapkit.toolkit.pyshark import packet2dict, tcp_traceflow
|
|
123
|
+
ext = self._extractor
|
|
124
|
+
|
|
125
|
+
# fetch PyShark packet
|
|
126
|
+
packet = cast('PySharkPacket', self._extmp.next())
|
|
127
|
+
|
|
128
|
+
# verbose output
|
|
129
|
+
ext._frnum = int(packet.number)
|
|
130
|
+
ext._vfunc(ext, packet)
|
|
131
|
+
|
|
132
|
+
# write plist
|
|
133
|
+
frnum = f'Frame {ext._frnum}'
|
|
134
|
+
if not ext._flag_q:
|
|
135
|
+
info = packet2dict(packet)
|
|
136
|
+
if ext._flag_f:
|
|
137
|
+
ofile = ext._ofile(f'{ext._ofnm}/{frnum}.{ext._fext}')
|
|
138
|
+
ofile(info, name=frnum)
|
|
139
|
+
else:
|
|
140
|
+
ext._ofile(info, name=frnum)
|
|
141
|
+
ofile = ext._ofile
|
|
142
|
+
ext._offmt = ofile.kind
|
|
143
|
+
|
|
144
|
+
# trace flows
|
|
145
|
+
if ext._flag_t:
|
|
146
|
+
if ext._tcp:
|
|
147
|
+
data_tf_tcp = tcp_traceflow(packet)
|
|
148
|
+
if data_tf_tcp is not None:
|
|
149
|
+
ext._trace.tcp(data_tf_tcp)
|
|
150
|
+
|
|
151
|
+
# record frames
|
|
152
|
+
if ext._flag_d:
|
|
153
|
+
# setattr(packet, 'packet2dict', packet2dict)
|
|
154
|
+
ext._frame.append(packet)
|
|
155
|
+
|
|
156
|
+
# return frame record
|
|
157
|
+
return packet
|
|
158
|
+
|
|
159
|
+
def close(self) -> 'None':
|
|
160
|
+
"""Close engine.
|
|
161
|
+
|
|
162
|
+
This method is to be used for closing the engine instance. It is to
|
|
163
|
+
close the engine instance after the extraction process is finished.
|
|
164
|
+
|
|
165
|
+
"""
|
|
166
|
+
self._extmp.close()
|