def unpack(packed_bytes): "Deserialize an EPB object from packed bytes" util.assert_type_bytes(packed_bytes) (block_type, block_total_len, interface_id, timestamp_high, timestamp_low, pkt_data_captured_len, pkt_data_orig_len) = struct.unpack(EnhancedPacketBlock.head_encoding, packed_bytes[:28]) (block_total_len_end, ) = struct.unpack( EnhancedPacketBlock.tail_encoding, packed_bytes[-4:]) time_utc_micros = util.uint64_join32(timestamp_high, timestamp_low) assert block_type == EnhancedPacketBlock.SPEC_CODE #todo verify block type & all fields, all fns assert block_total_len == block_total_len_end == len(packed_bytes) assert pkt_data_captured_len <= pkt_data_orig_len pkt_data_captured_pad_len = util.block32_ceil_num_bytes( pkt_data_captured_len) block_bytes_stripped = packed_bytes[28:-4] pkt_data = block_bytes_stripped[:pkt_data_captured_len] options_bytes = block_bytes_stripped[pkt_data_captured_pad_len:] options_lst = option.unpack_all( EnhancedPacketBlock.UNPACK_DISPATCH_TABLE, options_bytes) result_obj = EnhancedPacketBlock(interface_id, pkt_data, pkt_data_orig_len, options_lst, timestamp=time_utc_micros) return result_obj
def uint32_unpack(packed_bytes): util.assert_type_bytes(packed_bytes) assert len(packed_bytes) == 8 (type, length, value) = struct.unpack('=HHL', packed_bytes[:8]) #todo use endian flag assert (type, length) == (UINT32, 4) return value
def uint16_unpack(packed_bytes): util.assert_type_bytes(packed_bytes) assert len(packed_bytes) == 8 (type, length, value) = struct.unpack('=HHH', packed_bytes[:6]) #todo use endian flag assert (type, length) == (UINT16, 2) return value
def float64_unpack(packed_bytes): util.assert_type_bytes(packed_bytes) assert len(packed_bytes) == 12 (type, length, value) = struct.unpack('=HHd', packed_bytes[:12]) #todo use endian flag assert (type, length) == (FLOAT64, 8) return value
def int8_unpack(packed_bytes): util.assert_type_bytes(packed_bytes) assert len(packed_bytes) == 8 (type, length, value) = struct.unpack('=HHb', packed_bytes[:5]) #todo use endian flag assert (type, length) == (INT8, 1) return value
def unpack(packed_bytes): "Deserialize a ISIS MRT Block object from packed bytes" util.assert_type_bytes(packed_bytes) cbc_obj = CustomBlockCopyable.unpack(packed_bytes) assert cbc_obj.block_type == CustomBlockCopyable.SPEC_CODE assert cbc_obj.pen_val == pcapng.pen.BROCADE_PEN assert cbc_obj.options_lst == CustomMrtIsisBlock.cmib_options mrt_info = mrt.mrt_isis_block_unpack(cbc_obj.content) return mrt_info
def string_utf8_unpack(packed_bytes): util.assert_type_bytes(packed_bytes) (type, length) = struct.unpack('=HH', packed_bytes[:4]) #todo use endian flag content_pad = packed_bytes[4:] assert type == STRING_UTF8 assert 0 <= length <= len(content_pad) content = str(content_pad[:length]) return content
def segment_all(raw_bytes): """Given the packed bytes for multiple options, returns a list of packed bytes for the individual options.""" util.assert_type_bytes(raw_bytes) util.assert_block32_length(raw_bytes) segments = [] while (0 < len(raw_bytes)): (segment, raw_bytes_remaining) = segment_rolling(raw_bytes) segments.append(segment) raw_bytes = raw_bytes_remaining return segments
def segment_rolling(raw_bytes): #todo inline below #todo verify all fields """Given the packed bytes for multiple options, unpacks and returns the first option object and the remaining packed bytes.""" util.assert_type_bytes(raw_bytes) assert 4 <= len(raw_bytes) (type_code, content_len_orig) = struct.unpack('=HH', raw_bytes[:4]) content_len_pad = util.block32_ceil_num_bytes(content_len_orig) first_block_len_pad = 4 + content_len_pad assert first_block_len_pad <= len(raw_bytes) opt_bytes = raw_bytes[:first_block_len_pad] raw_bytes_remaining = raw_bytes[first_block_len_pad:] return (opt_bytes, raw_bytes_remaining)
def unpack(block_bytes): #todo verify block type & all fields "Deserialize an SPB object from packed bytes" util.assert_type_bytes(block_bytes) (block_type, block_total_len, original_pkt_len) = struct.unpack(SimplePacketBlock.head_encoding, block_bytes[:12]) (block_total_len_end, ) = struct.unpack( SimplePacketBlock.tail_encoding, block_bytes[-4:]) assert block_type == SimplePacketBlock.SPEC_CODE assert block_total_len == block_total_len_end == len(block_bytes) pkt_data = block_bytes[12:(12 + original_pkt_len)] result_obj = SimplePacketBlock(pkt_data) return result_obj
def test_section_header_block(): opts = [ option.ShbHardware("Dell"), option.ShbOs("Ubuntu"), option.ShbUserAppl("IntelliJ Idea") ] shb_obj = block.SectionHeaderBlock(opts) idb_bytes = shb_obj.pack() shb_obj_unpacked = block.SectionHeaderBlock.unpack(idb_bytes) util.assert_type_bytes(idb_bytes) assert util.classname( shb_obj_unpacked) == 'pcapng.block.SectionHeaderBlock' print('710', shb_obj) print('711', shb_obj_unpacked) assert shb_obj == shb_obj_unpacked
def segment_all(raw_bytes): """Given concatenated packed bytes for PCAPNG blocks, returns a list of packed bytes for individual block segments""" util.assert_type_bytes(raw_bytes) util.assert_block32_length(raw_bytes) blk_segments = [] while (0 < len(raw_bytes)): assert 8 <= len(raw_bytes) (blk_type, blk_total_len, unused) = strip_header(raw_bytes) assert blk_total_len <= len(raw_bytes) blk_bytes = raw_bytes[:blk_total_len] raw_bytes_remaining = raw_bytes[blk_total_len:] blk_segments.append(blk_bytes) raw_bytes = raw_bytes_remaining return blk_segments
def pack(self): "Serialize a IDB object into packed bytes" options_bytes = option.pack_all(self.options_lst) util.assert_type_bytes(options_bytes) util.assert_block32_length(options_bytes) block_total_len = ( 4 + # block type 4 + # block total length 2 + 2 + # linktype + reserved 4 + # snaplen len(options_bytes) + 4) # block total length packed_bytes = (struct.pack( self.block_head_encoding, self.SPEC_CODE, block_total_len, self.link_type, self.reserved, self.snaplen) + options_bytes + struct.pack(self.block_tail_encoding, block_total_len)) return packed_bytes
def unpack(packed_bytes): #todo verify block type & all fields "Deserialize a CBC object from packed bytes" util.assert_type_bytes(packed_bytes) (block_type, block_total_len, pen_val) = struct.unpack(CustomBlock.head_encoding, packed_bytes[:12]) (block_total_len_end, ) = struct.unpack(CustomBlock.tail_encoding, packed_bytes[-4:]) assert (block_type == CustomBlockCopyable.SPEC_CODE) assert pen_val == pcapng.pen.BROCADE_PEN assert block_total_len == block_total_len_end == len(packed_bytes) block_bytes_stripped = packed_bytes[12:-4] (content_bytes, options_bytes ) = util.block32_lv_bytes_unpack_rolling(block_bytes_stripped) options_lst = option.unpack_all(CustomBlock.UNPACK_DISPATCH_TABLE, options_bytes) result_obj = CustomBlockCopyable(pen_val, content_bytes, options_lst) return result_obj
def unpack(block_bytes): #todo verify block type & all fields "Deserialize a IDB object from packed bytes" util.assert_type_bytes(block_bytes) (block_type, block_total_len, link_type, reserved, snaplen) = struct.unpack(InterfaceDescBlock.block_head_encoding, block_bytes[:16]) (block_total_len_end, ) = struct.unpack( InterfaceDescBlock.block_tail_encoding, block_bytes[-4:]) assert block_type == InterfaceDescBlock.SPEC_CODE assert block_total_len == block_total_len_end == len(block_bytes) assert reserved == 0 assert snaplen == 0 options_bytes = block_bytes[16:-4] options_lst = option.unpack_all( InterfaceDescBlock.UNPACK_DISPATCH_TABLE, options_bytes) result_obj = InterfaceDescBlock(link_type, options_lst) return result_obj
def unpack(block_bytes): #todo verify block type & all fields "Deserialize a SHB object from packed bytes" util.assert_type_bytes(block_bytes) (block_type, block_total_len, byte_order_magic, major_version, minor_version, section_len) = struct.unpack(SectionHeaderBlock.block_head_encoding, block_bytes[:24]) (block_total_len_end, ) = struct.unpack( SectionHeaderBlock.block_tail_encoding, block_bytes[-4:]) assert block_type == SectionHeaderBlock.SPEC_CODE assert byte_order_magic == BYTE_ORDER_MAGIC assert major_version == SectionHeaderBlock.MAJOR_VERSION assert minor_version == SectionHeaderBlock.MINOR_VERSION assert block_total_len == block_total_len_end == len(block_bytes) # section_len currently ignored options_bytes = block_bytes[24:-4] options_lst = option.unpack_all( SectionHeaderBlock.UNPACK_DISPATCH_TABLE, options_bytes) result_obj = SectionHeaderBlock(options_lst) return result_obj