Ejemplo n.º 1
    def __init__(self, datalink=IL_TYPE_ETH, context=None):
        """
        Store the datalink and context, create a ConnectionManager and look
        up the link-layer decoder registered for the datalink.

        The instance is meant to be used together with a PacketProducer that
        hands packets over through the feed() method.

        @param datalink the datalink to be used; IL_TYPE_ETH by default.
                        @see pcap_datalink manpage for more information
        @param context an AuditContext or None
        """

        self._datalink = datalink
        self._context = context
        self._conn_manager = ConnectionManager()

        # The lookup result is kept exactly as get_decoder() returns it.
        audit_manager = AuditManager()
        self._main_decoder = audit_manager.get_decoder(LINK_LAYER,
                                                       self._datalink)
Ejemplo n.º 2
    def __init__(self, datalink=IL_TYPE_ETH, context=None):
        """
        Initialise the instance for use with a PacketProducer, which
        delivers packets through the feed() method.

        @param datalink the datalink to be used (IL_TYPE_ETH when omitted).
                        @see pcap_datalink manpage for more information
        @param context an AuditContext or None
        """

        self._datalink = datalink
        self._context = context
        self._conn_manager = ConnectionManager()

        # Resolve the decoder entry for the link layer of this datalink once,
        # through AuditManager, and keep whatever the lookup returns.
        lookup = AuditManager().get_decoder
        self._main_decoder = lookup(LINK_LAYER, self._datalink)
Ejemplo n.º 3
class AuditDispatcher(object):
    """
    Runs each packet handed to feed() through the decoders and hooks
    registered in AuditManager, starting at LINK_LAYER for the configured
    datalink.
    """

    def __init__(self, datalink=IL_TYPE_ETH, context=None):
        """
        Build a dispatcher meant to be driven by a PacketProducer, which
        delivers packets through feed().

        @param datalink the datalink to be used, IL_TYPE_ETH unless told
                        otherwise. @see pcap_datalink manpage for details
        @param context an AuditContext or None
        """
        self._datalink = datalink
        self._context = context
        self._conn_manager = ConnectionManager()

        # Whatever get_decoder() returns is stored as-is; feed() unpacks the
        # result of the same call into a (decoder, pre, post) triple.
        registry = AuditManager()
        self._main_decoder = registry.get_decoder(LINK_LAYER, self._datalink)

    def feed(self, mpkt, *args):
        """
        Process one packet.

        Decoders are looked up through AuditManager for every layer; the
        value stored in main_decoder by the constructor is not consulted by
        this method.

        Without a context the packet is handed to AuditManager.run_decoder
        and nothing else in this method runs. With a context the decoder
        chain is walked here, the packet is passed to the connection manager
        and, if flagged MPKT_FORWARDABLE, to the context's forward().

        @param mpkt a MetaPacket object or None
        @param args extra positional arguments; not used
        """
        if not mpkt:
            return

        audit = AuditManager()
        audit.run_hook_point('pm::received', mpkt)

        if not self._context:
            audit.run_decoder(LINK_LAYER, self.datalink, mpkt)
            return

        # The walk below mirrors run_decoder (per the original author); it is
        # repeated here so a context can be attached to the packet, giving
        # the callbacks more granularity.
        layer, proto = LINK_LAYER, self.datalink
        mpkt.context = self._context

        # NOTE(review): there is no depth limit. The walk goes on for as long
        # as a decoder returns a tuple naming the next (level, type). If that
        # tuple is derived from packet contents (presumably; not visible
        # here), a capture with deep or cyclic encapsulation can keep this
        # loop busy, so a maximum depth is worth considering.
        # NOTE(review): an exception raised by a hook or a decoder skips the
        # reset at the end of this method, leaving mpkt.context set.
        while not (layer is None or proto is None):
            decoder, pre_hooks, post_hooks = audit.get_decoder(layer, proto)

            # Nothing registered for this layer/type: stop walking.
            if not (decoder or pre_hooks or post_hooks):
                break

            for hook in pre_hooks:
                hook(mpkt)

            next_hop = None
            if decoder:
                next_hop = decoder(mpkt)

            for hook in post_hooks:
                hook(mpkt)

            # Only a tuple returned by a decoder continues the chain.
            if not isinstance(next_hop, tuple):
                break

            layer, proto = next_hop

        if not (mpkt.flags & MPKT_FORWARDED):
            self._conn_manager.parse(mpkt)

            # Flags are read again after parse().
            if mpkt.flags & MPKT_FORWARDABLE:
                audit.run_hook_point('pm::pre-forward', mpkt)
                self._context.forward(mpkt)

        # Detach the context and drop the payload once processing is done.
        mpkt.context = None
        mpkt.data = ''

    def get_main_decoder(self):
        """Return the value stored as main decoder."""
        return self._main_decoder

    def set_main_decoder(self, dec):
        """Replace the value stored as main decoder."""
        self._main_decoder = dec

    def get_datalink(self):
        """Return the datalink given to the constructor."""
        return self._datalink

    def get_connection_manager(self):
        """Return the ConnectionManager created by the constructor."""
        return self._conn_manager

    main_decoder = property(get_main_decoder, set_main_decoder)
    datalink = property(get_datalink)
Ejemplo n.º 4
class AuditDispatcher(object):
    """
    Dispatches packets received through feed() to the decoders and hooks
    that AuditManager has registered, beginning at LINK_LAYER for the
    datalink chosen at construction time.
    """

    def __init__(self, datalink=IL_TYPE_ETH, context=None):
        """
        Create a dispatcher to use in conjunction with a PacketProducer that
        feeds the instance through the feed() method.

        @param datalink the datalink to be used; the default is IL_TYPE_ETH.
                        For more information @see pcap_datalink manpage
        @param context an AuditContext or None
        """

        self._datalink = datalink
        self._context = context
        self._conn_manager = ConnectionManager()

        # Stored exactly as returned by the lookup; feed() unpacks the same
        # call as a (decoder, pre, post) triple.
        lookup = AuditManager().get_decoder
        self._main_decoder = lookup(LINK_LAYER, self._datalink)

    def feed(self, mpkt, *args):
        """
        Handle a single packet.

        The decoder for each layer is fetched from AuditManager; this method
        does not read the main_decoder property set up by the constructor.

        When no context is set, the packet goes to AuditManager.run_decoder
        and the method returns right away. Otherwise the decoder chain is
        run in this method with the context attached to the packet, followed
        by the connection manager and, for packets flagged MPKT_FORWARDABLE,
        the context's forward().

        @param mpkt a MetaPacket object or None
        @param args additional positional arguments, ignored here
        """
        if not mpkt:
            return

        manager = AuditManager()
        manager.run_hook_point('pm::received', mpkt)

        if not self._context:
            manager.run_decoder(LINK_LAYER, self.datalink, mpkt)
            return

        # Same steps as run_decoder, according to the original author; done
        # here only when a context exists, to get finer-grained callbacks.
        level, kind = LINK_LAYER, self.datalink
        mpkt.context = self._context

        # NOTE(review): the chain is unbounded - every tuple a decoder
        # returns starts another round. Assuming the tuple reflects what the
        # decoder found in the packet (TODO confirm), input with very deep or
        # self-referencing encapsulation can stall processing here; a
        # maximum chain length would bound that.
        # NOTE(review): without try/finally, a decoder or hook that raises
        # leaves mpkt.context and mpkt.data untouched by the cleanup below.
        while True:
            if level is None or kind is None:
                break

            decoder, pre, post = manager.get_decoder(level, kind)

            # No decoder and no hooks registered: end of the chain.
            if not (decoder or pre or post):
                break

            for before in pre:
                before(mpkt)

            result = None
            if decoder:
                result = decoder(mpkt)

            for after in post:
                after(mpkt)

            # A tuple from the decoder names the next (level, type) to run.
            if isinstance(result, tuple):
                level, kind = result
                continue

            break

        if not (mpkt.flags & MPKT_FORWARDED):
            self._conn_manager.parse(mpkt)

            # The flags are checked after parse() has seen the packet.
            if mpkt.flags & MPKT_FORWARDABLE:
                manager.run_hook_point('pm::pre-forward', mpkt)
                self._context.forward(mpkt)

        # Release the context reference and the payload.
        mpkt.context = None
        mpkt.data = ''

    def get_main_decoder(self):
        """Getter behind the main_decoder property."""
        return self._main_decoder

    def set_main_decoder(self, dec):
        """Setter behind the main_decoder property."""
        self._main_decoder = dec

    def get_datalink(self):
        """Getter behind the read-only datalink property."""
        return self._datalink

    def get_connection_manager(self):
        """Return the ConnectionManager instance owned by this object."""
        return self._conn_manager

    main_decoder = property(fget=get_main_decoder, fset=set_main_decoder)
    datalink = property(fget=get_datalink)