Ejemplo n.º 1
0
def pcap_compile_nopcap(snaplen, linktype, buf, optimize, netmask):
    '''Compile a packet filter without the need of opening an adapter.
    This function converts an high level filtering expression in a program
    that can be interpreted by the kernel-level filtering engine.

    pcap_compile_nopcap() is similar to pcap_compile() except that instead of passing a pcap structure,
    one passes the snaplen and linktype explicitly.
    It is intended to be used for compiling filters for direct BPF usage,
    without necessarily having called pcap_open().

    pcap_compile_nopcap() return a pointer to a bpf_program struct
    raise PcapError on an error, but the error text is unavailable.

    pcap_compile_nopcap() is a wrapper around pcap_open_dead(), pcap_compile(), and pcap_close();
    the latter three routines can be used directly in order to get the error text for a compilation error.
    '''
    bpf_p = bpf_program_p(bpf_program())
    retcode = _pcap.pcap_compile_nopcap(snaplen, linktype, bpf_p, buf.encode(), int(optimize), c_uint32(netmask))
    if retcode == -1:
        raise PcapError('call pcap_compile_nopcap failed')
    return bpf_p
Ejemplo n.º 2
0
def pcap_compile_nopcap(snaplen, linktype, buf, optimize, netmask):
    '''Compile a packet filter without the need of opening an adapter. 
    This function converts an high level filtering expression in a program 
    that can be interpreted by the kernel-level filtering engine.
    
    pcap_compile_nopcap() is similar to pcap_compile() except that instead of passing a pcap structure, 
    one passes the snaplen and linktype explicitly.
    It is intended to be used for compiling filters for direct BPF usage, 
    without necessarily having called pcap_open(). 
    
    pcap_compile_nopcap() return a pointer to a bpf_program struct
    raise PcapError on an error, but the error text is unavailable. 
    
    pcap_compile_nopcap() is a wrapper around pcap_open_dead(), pcap_compile(), and pcap_close(); 
    the latter three routines can be used directly in order to get the error text for a compilation error.
    '''
    bpf_p = bpf_program_p(bpf_program())
    retcode = _pcap.pcap_compile_nopcap(snaplen, linktype, bpf_p, buf.encode(), int(optimize), c_uint32(netmask))
    if retcode == -1:
        raise PcapError('call pcap_compile_nopcap failed') 
    return bpf_p
Ejemplo n.º 3
0
def pcap_compile(hpcap, buf, optimize, netmask):
    '''Compile a packet filter, converting an high level filtering expression in a program
        that can be interpreted by the kernel-level filtering engine.
    pcap_compile() is used to compile the string buf into a filter program.

    optimize controls whether optimization on the resulting code is performed.
    netmask specifies the IPv4 netmask of the network on which packets are being captured;
        it is used only when checking for IPv4 broadcast addresses in the filter program.
        If the netmask of the network on which packets are being captured isn't known to the program,
        or if packets are being captured on the Linux "any" pseudo-interface that can capture on more than one network,
        a value of 0 can be supplied;

    tests for IPv4 broadcast addreses won't be done correctly, but all other tests in the filter program will be OK.

    return a pointer to a bpf_program struct
    raise PcapError on an error.
    '''
    bpf_p = bpf_program_p(bpf_program())
    retcode = _pcap.pcap_compile(hpcap, bpf_p, buf.encode(), int(optimize), c_uint32(netmask))
    if retcode == -1:
        raise PcapError(pcap_geterr(hpcap))
    return bpf_p
Ejemplo n.º 4
0
def pcap_compile(hpcap, buf, optimize, netmask):
    '''Compile a packet filter, converting an high level filtering expression in a program 
        that can be interpreted by the kernel-level filtering engine.

    pcap_compile() is used to compile the string buf into a filter program. 
    
    optimize controls whether optimization on the resulting code is performed. 
    netmask specifies the IPv4 netmask of the network on which packets are being captured; 
        it is used only when checking for IPv4 broadcast addresses in the filter program. 
        If the netmask of the network on which packets are being captured isn't known to the program, 
        or if packets are being captured on the Linux "any" pseudo-interface that can capture on more than one network, 
        a value of 0 can be supplied; 
    
    tests for IPv4 broadcast addreses won't be done correctly, but all other tests in the filter program will be OK. 
    
    return a pointer to a bpf_program struct
    raise PcapError on an error. 
    '''
    bpf_p = bpf_program_p(bpf_program())
    retcode = _pcap.pcap_compile(hpcap, bpf_p, buf.encode(), int(optimize), c_uint32(netmask))
    if retcode == -1:
        raise PcapError(pcap_geterr(hpcap)) 
    return bpf_p